Is WordPress vulnerable to “comment posting forgery”?

This is a false alarm. Many “Security Programs” do that. That’s called FUD.

WordPress does not check the Referer header, because it is often empty, and real spammers send the site URL as Referer anyway.

But all comment field are sanitized, so no harmful code will be injected. Install an anti-spam plugin, and everything is fine. This report is obviously bogus.

Related Posts:

  1. comment_post_ID 0 (cannot remove from dashboard)
  2. Why do I get accidental comments without (the required) email address?
  3. How to Block Access to Standard Login Flow and Comment Flow
  4. Strategies for coping with hyperagressive spambots?
  5. Sanitizing comments or escaping comment_text()
  6. wp_insert_comment and security
  7. Admin can enter JavaScript – potential security risk?
  8. reCaptcha doesnt appear in comment (manual or plugin)
  9. WordPress scruity issue – Totally disable all comments by CSS — secure enough?
  10. How are readers authenticated for leaving comments?
  11. WordPress Commenting System User access and Security
  12. comments reply script not working
  13. What should I do to make generated avatars different for anonymous comments?
  14. Check If comment author is registered
  15. How do I set up real anonymous posting in bbpress forums? [closed]
  16. How do I turn off wordpress comments ability to capture a users ip address?
  17. Success message in comment form
  18. How to allow the reply link to remain on the comment form after I have reached my 10 nested comment limit?
  19. How to remove commenters ability to add hyperlinks to comments?
  20. Is there a hook for comment author link?
  21. Exclude internal links from comment moderation?
  22. Change the HTML output of comments
  23. Can’t add default comments to custom post type
  24. Upload images with comment
  25. Prevent Contributor to show comment list
  26. where to modify get_comment_author_link()?
  27. Change language of comments template
  28. Why Allow Script Commands in Comments?
  29. How to enable comments options?
  30. WordPress comment count to include attachment comments
  31. How to no follow the paginated comments
  32. Remove “Comments are closed” Notice from Custom Post Type template
  33. Comment count wrong with orphaned comments
  34. Comment form problem with comment_author_url and HTML5 input placeholders
  35. Get comment content by comment ID
  36. Pings and replies
  37. Retrieve comments from current post using SQL
  38. Comment_Reply_Link Not Showing?
  39. Display recent comments with gravatar and excerpts?
  40. Sync comment data
  41. Comment displaying full name even after setting another display name?
  42. How to move comments box above comments
  43. save_post action hook for comments
  44. Ability to leave comments broken
  45. How to disable comment flood temporarily in a single scope
  46. How to create a seperate commenting system?
  47. Change how many approved comments must user have
  48. Only admin can see comments on post or page
  49. Count comment threads, not total comments in a post
  50. Show comments of a user post only when they are login
  51. Display Custom comments field number
  52. How to get and use the the number of days since the last comment?
  53. Trying to post a wordpress comment on my site redirects to 127.0.0.1
  54. Best way to tell if a comment is from a user?
  55. How can get comment link by comment id?
  56. How to amend time format of comments, using child-theme?
  57. Make user’s name display as the site name in comments if it matches certain roles
  58. Display avatar with comment form?
  59. Adding SQL source code to comments
  60. How to control size of comments popup window?
  61. How to make comments private for commentor and post author
  62. Name of comment field differs on different sites
  63. Sent comments notifications to multiple users
  64. Applying same style to all the comments on the page
  65. Customise Comment form
  66. assumed as comment line
  67. How / where is the wp_query object created for RSS feeds?
  68. Separate page for comments using permalinks and add_rewrite_rule
  69. Return count for characters in the comment and perform action based on the length
  70. How to load new posts from wordpress db into wordpress homepage without refreshing the site?
  71. Delete/Spam Comment Button
  72. Who approved a comment, to show up in dashboard
  73. comments.php remove date/time’s #hyperlink
  74. comment just attachment .. reply just text … can I do that?
  75. How to make email field not required in comments?
  76. How to prevent users/authors from seing IP/email of new commentators?
  77. Why are my threaded comments not quite working? [closed]
  78. I want to limit registered user to 1 comment per post in WordPress
  79. edit comments in front end
  80. How to replace anonymous comment form with a registration form on wordpress?
  81. What is wrong with this? [closed]
  82. Comment moderation
  83. I have tried using Plugins to remove 72K comments with no success
  84. How to get the 5 most recent comments and each comment 5 most recent replies (children)
  85. Comment text area in single blog post and show comments if approved
  86. comment files and s
  87. How to ‘If Author’ Comments Check
  88. selectively disable akismet
  89. Disqus moderation page not working in WordPress admin section
  90. Comment Blacklist
  91. Comment forum to display under the comment you’re replying too
  92. Recent comments per tagged post?
  93. Subscribe to a post’s comments without posting a comment yourself
  94. Modify “Recent Comments” List in WP-Admin
  95. Comment submission & navigation redirects to default language
  96. How to hide the login / profile urls on top of comment box for a post
  97. wp_list_comments adds unnecessary elements
  98. Why default comment fields don’t show up?
  99. How can I filter the user avatar displayed in comments? – get_avatar_url filter works everywhere but not in comments
  100. WordPress Editor widgets “comments” and “post comments form” getting disappeared with elementor [closed]
techhipbettruvabetnorabahisbahis forumutaraftarium24edusedueduedueduedusedueduseduedus