Authorization vs. Intent: Why You Should Always Verify Both

The Wordfence Threat Intelligence team has observed a recent increase in the number of partial vulnerability patches that don’t properly address separate underlying issues. More specifically, we have been seeing an increase in Missing Authorization vulnerabilities that are fixed using tools intended for addressing Cross-Site Request Forgery, which are two independently fixable vulnerability types that should be treated as such.

This post was originally published on Wordfence by Marco Wotschka.

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.