Nonce actions and names available via open source

Specific to nonce there is nothing to worry about as there is a third private parameter which is kept in secret (one of the keys added in your wp_config.php file).

In general, there is no such thing as “closed source”, and all code can be read and interpreted by anyone that is willing to dedicate the time. The fact that it is easier for you to see how the code works do not make it by default better or worse security wise, and each case needs to be evaluated on its own merit.

In your case for example, the calculation of the nonce might be done perfectly but it might be made public because of some bug in the code.

Related Posts:

  1. Is wp_nonce_field vulnerable if you know the action name?
  2. Should I use wp_nonce_field on my contact form?
  3. Nonces and Cache
  4. Can I verify nonce which was generated on a different WP site?
  5. When is it useful to use wp_verify_nonce
  6. Help with forms and nonces
  7. not logged in users can’t submit form
  8. wp_create_nonce function doesn’t work inside a plugin?
  9. Using Contact Forms to Send Private Information [closed]
  10. Can you have more than one nonce on a page?
  11. How to stop direct HTTP POST to a PHP script?
  12. Should wordpress nonce be placed in html form or in javascript file
  13. whether a nonce is required for get type and get_query_var?
  14. CSRF attack to create USER
  15. Passing form data on submit
  16. wp_nonce for Front-End submission form not working
  17. CF7 for radio buttons only, ok?
  18. Is there a solution to expired nonces in forms when using full page caching that doesn’t involve configuring the cache?
  19. What is &amp used for
  20. How to define form action in JSF?
  21. Free or affordable OCR and ICR (handwriting recognition) SDK?
  22. What characters are allowed in an email address?
  23. How to include landing page with form submission?
  24. How to edit a user profile on the front end?
  25. How to display user registration form on front-end of the website?
  26. wp_verify_nonce vs check_admin_referer
  27. How to handle form submission?
  28. How does nonce verification work?
  29. What is an easy way to display a front-end user registration form?
  30. Are Nonces Useless?
  31. Add error message on password protected page
  32. Nonces can be reused multiple times? Bug / Security issue?
  33. How do WordPress Nonces Work?
  34. how to set from address according to the form input email address for wp_mail()?
  35. How to get current url in contact form 7
  36. Verify nonce in REST API?
  37. Is it safe to assume that a nonce may be validated more than once?
  38. How to pass on Google Adwords gclid variable to other pages
  39. Multiple ajax nonce requests
  40. using update_user_meta in form to set and get custom meta
  41. Stop wordpress automatically escaping $_POST data
  42. Best way to create multi-step form with data saved to user account for later updating?
  43. Nonce in settings API with tabbed navigation
  44. User registration problem in WordPress
  45. Creating a contact form without a plugin [closed]
  46. How to submit data from HTML form?
  47. Handling nonces for actions from guests to logged-in users
  48. Custom Registration Template/Page
  49. show image in mail contact form 7 [closed]
  50. Where should my plugin POST to?
  51. Submitting post to database then redirecting to paypal
  52. Registration form labels – add asterisk
  53. Autocomplete for taxonomy input boxes on a front end form
  54. Security – Ajax and Nonce use [closed]
  55. Sending form data via PHPMailer – How to action PHP script from a form
  56. How to create and retrieve data from a special registration form?
  57. Contact form 7 Dynamic text – placeholder on GET field
  58. Settings API erases itself?
  59. how to handle forms in multiple pages?
  60. set_query_var doesn’t seem to work on init hook
  61. How to send multipart form data to WordPress endpoint
  62. need to add attach thumbnail from my form
  63. Wp_mail Returning False on Server
  64. recommended practice for form submission
  65. Placeholders in Jetpack Contact Form [closed]
  66. Security around save_post hook
  67. wp_verify_nonce always returns false when logged in as admin
  68. How to update selective options on plugin settings page
  69. Built-in data validation function for URLs
  70. $_POST empty on submit (same code, same form submits normally on local server)
  71. Gravity Forms skip form if already filled out using cookie?
  72. Loading scripts & styles from a meta box callback function
  73. Checkbox won’t check when label is clicked
  74. One comment per user per post
  75. Confusion on WP Nonce usage in my Plugin
  76. Looking for a simple approach for handling user $_POST data without AJAX?
  77. Trying to save and display a wp_editor()
  78. How to return variables from admin-post.php
  79. Help with verifying google recaptcha in a custom form
  80. Setting specific image size for specific form upload file field
  81. Duplicating/Cloning Multiple Form Fields
  82. Nonces, AJAX, script variables & security in WordPress
  83. Contact forms going into spam folder
  84. Get data from dropdown and update page
  85. Mail Form in a modal box without plugin
  86. Using the WordPress selected() function
  87. When must I use and verify nonce?
  88. Performing a POST action on homepage goes to posts page
  89. Add contact form
  90. How am I able to get the value out of cookie array when I push a button?
  91. How do I check if AJAX nonces are implemented correctly?
  92. 404 on form submit [duplicate]
  93. How to Process Form Request
  94. Security checking in meta_box save is reluctant?
  95. How Could I sanitize the receive data from this code
  96. Form Processing
  97. Reset recaptcha contact form 7 [closed]
  98. Return to option page after running PHP script
  99. Saving checkbox/option list status?
  100. Customize reset password form redirect problem
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)