php.wordpress-plugins.security.audit.wp-csrf-audit.wp-csrf-audit

semgrep

Author

unknown

Download Count*

LGPL Commons Clause

License

Passing false or 0 as the third argument to this function will not cause the script to die, making the check useless.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: wp-csrf-audit
    pattern: check_ajax_referer(...,...,false)
    message: Passing false or 0 as the third argument to this function will not
      cause the script to die, making the check useless.
    paths:
      include:
        - wp-content/plugins/**/*.php
    languages:
      - php
    severity: WARNING
    metadata:
      category: security
      confidence: LOW
      likelihood: LOW
      impact: MEDIUM
      subcategory:
        - audit
      technology:
        - Wordpress Plugins
      references:
        - https://github.com/wpscanteam/wpscan/wiki/WordPress-Plugin-Security-Testing-Cheat-Sheet#cross-site-request-forgery-csrf
        - https://developer.wordpress.org/reference/functions/check_ajax_referer/
      owasp:
        - A05:2021 - Security Misconfiguration
      cwe:
        - "CWE-352: Cross-Site Request Forgery (CSRF)"
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Cross-Site Request Forgery (CSRF)

Examples

wp-csrf-audit.php

<?php

// ruleid: wp-csrf-audit
check_ajax_referer( 'wpforms-admin', 'nonce', false );

// ok: wp-csrf-audit
check_ajax_referer( 'wpforms-admin', 'nonce', true );


// ok: wp-csrf-audit
check_ajax_referer( 'wpforms-admin', 'nonce' );

?>

Short Link: https://sg.run/K2y5