GetSimple Support Forum

Full Version: nonce functions
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Most (if not all) plugins that have a backend do not make use of GS get_nonce, check_nonce... functions.
Should they?
Does this make GS+plugins less safe?
I think it would be harder to target a csrf attack on a plugin.
You really have to know your victim has a high probability of having it installed