After submitting my website to a vulnerability scanning service, they came back and said that we have a “HTML form without CSRF protection.” After doing a little research a few websites mentioned using BPS, however I have not seen anything mentioned about CSRF on any support forms. The only mention of CSRF is in the plugin description. How do I know if CSRF protection is enabled? Do I have to sort of activate it by adding custom code? Any help on how to enable CSRF protection within the plugin would be very helpful. Thank you.
↧