It has been noticed that the CSRF tokens generated by CMSimple_XH are not cryptographically secure, and as such do not really fulfill their purpose. This issue has been fixed in CMSimple_XH 1.7.1, so it's best to update to this version. If you're still stuck with CMSimple_XH 1.6 for whatever reason, it is recommended that you apply the patch yourself. However, note that this will only work if you use at least PHP 7.0.0! Unfortunately, there is no easy fix for CMSimple_XH 1.6/PHP 5!
A place for security related announcements and discussions - please check this forum frequently!
1 post • Page 1 of 1