Nonce actions and names available via open source

Specific to nonce there is nothing to worry about as there is a third private parameter which is kept in secret (one of the keys added in your wp_config.php file).

In general, there is no such thing as “closed source”, and all code can be read and interpreted by anyone that is willing to dedicate the time. The fact that it is easier for you to see how the code works do not make it by default better or worse security wise, and each case needs to be evaluated on its own merit.

In your case for example, the calculation of the nonce might be done perfectly but it might be made public because of some bug in the code.

Related Posts:

  1. Is wp_nonce_field vulnerable if you know the action name?
  2. Should I use wp_nonce_field on my contact form?
  3. Nonces and Cache
  4. Can I verify nonce which was generated on a different WP site?
  5. When is it useful to use wp_verify_nonce
  6. Help with forms and nonces
  7. not logged in users can’t submit form
  8. wp_create_nonce function doesn’t work inside a plugin?
  9. Using Contact Forms to Send Private Information [closed]
  10. Can you have more than one nonce on a page?
  11. How to stop direct HTTP POST to a PHP script?
  12. Should wordpress nonce be placed in html form or in javascript file
  13. whether a nonce is required for get type and get_query_var?
  14. CSRF attack to create USER
  15. Passing form data on submit
  16. wp_nonce for Front-End submission form not working
  17. What characters are allowed in an email address?
  18. What is an easy way to display a front-end user registration form?
  19. Are Nonces Useless?
  20. How do WordPress Nonces Work?
  21. How to get current url in contact form 7
  22. Verify nonce in REST API?
  23. How to pass on Google Adwords gclid variable to other pages
  24. Stop wordpress automatically escaping $_POST data
  25. Best way to create multi-step form with data saved to user account for later updating?
  26. Handling nonces for actions from guests to logged-in users
  27. Custom Registration Template/Page
  28. need to add attach thumbnail from my form
  29. Checkbox won’t check when label is clicked
  30. Duplicating/Cloning Multiple Form Fields
  31. Nonces, AJAX, script variables & security in WordPress
  32. When must I use and verify nonce?
  33. Add contact form
  34. How do I check if AJAX nonces are implemented correctly?
  35. 404 on form submit [duplicate]
  36. Form Processing
  37. Reset recaptcha contact form 7 [closed]
  38. Saving checkbox/option list status?
  39. Customize reset password form redirect problem
  40. What is the valid phone number format accepted by contact-form-7 [closed]
  41. How to use TinyMCE in the quick edit form?
  42. post request does not redirect but why
  43. How to retrieve form data?
  44. Creating User Form Submission – Only allow them to see their own submissions
  45. Embed interactive pdf
  46. wp_nonce_field displaying twice
  47. Contact Form 7 not sending emails- no confirmation, no error [closed]
  48. Is it safe to use a global wp nonce per user instead of a nonce per action?
  49. Grab values from the query string to fill in hidden fields in ninja forms [closed]
  50. Make editor required for post from frontend
  51. WordPress tabindex Order
  52. PHP form is not sending mail if I use mime type and version in header. How to solve this? [closed]
  53. Custom form in admin area, redirect in wrong page
  54. Form action URL unrecognized
  55. How to code auto-retry for API call
  56. How to check form input against PHP variable?
  57. Restrict Access without Creating Users
  58. how to insert textbox value in existing database table in wordpress?
  59. Using nonce when loading posts with AJAX
  60. Is it possible to pass variables to WordPress externally?
  61. Front end post form validation
  62. How to redirect with success message in wordpress admin panel?
  63. WordPress – Users with contact form on profile
  64. How to stop iFrame form from reloading on mobile?
  65. Am receiving more than thousand mails in single day from ‘[email protected]’ continuously
  66. Sliding Register – Login Forms
  67. I’m needing to figure out how to create a page that user could create a “task” and it be selectable on a form
  68. contact form and WP loop
  69. AMP and Paypal form CORS issue
  70. Timezone dropdown in form
  71. .html form added to a page
  72. why form in front-page.php redirect to blog page
  73. How do i can data from my custom form to a custom table
  74. Form Sanitization and Validation
  75. Remove active cursor from form field
  76. import excel form into wordpress
  77. Custom forms + Polylang
  78. What is the proper way to embed the HTML of an external form such as payflowlink from paypal?
  79. How to make caption field required in media library?
  80. Displaying errors on the front end from my plugin
  81. Username from e-mail
  82. Custom Contact Form Not Sending (but not giving error)
  83. Assigning input to variable
  84. Send message to author without showing email address [duplicate]
  85. Custom form on front page redirects on error page
  86. IE 9 Clears Form Fields
  87. Form validation on user profile edit
  88. custom form submission
  89. How to get formidable entry ID by post ID? [closed]
  90. Using form method in a template WordPress page
  91. Calling custom PHP from a HTML form post action gives 404 error
  92. Reset form on onclick function
  93. How to add a checkbox with categories of entries to the form Contact Form 7 WordPress
  94. Conditional Logic for the Input Mask in Caldera Forms [closed]
  95. Form that stores emails [closed]
  96. Adding Mailchimp API key dynamically
  97. WordPress – custom user flow registration approval
  98. Gravity form with paypal adon should return custom receipt
  99. I cannot enter the letter C in the form [closed]
  100. Add options to WordPress Blocks form dropdown field
tech