Hello, 2 questions about REQUEST.fbclid and GET.fbclid
your plugin (installed version:5.5.1, on php 7.2, WP 5.2.3) shows some REQUEST.fbclid and GET.fbclid from different IPs (from the DB table) with following TAGS:
xss, csrf, id
xss, csrf, id, rfe, lfi
xss, csrf, id, sqli, lfi, rfe
the third one (sqli) worries me a little bit. These are URLs coming from Facebook posts or ads, and they should be good, but why are some REQUEST.fbclid and GET.fbclid showing tags like sqli, and the others xss, csrf, id, rfe, lfi?
Not sure to block these IPs or esclude them being from people linking inside the Facebook platform or they are new ways that hackers are implementing.
What is your suggestion?
-
This topic was modified 5 years, 7 months ago by
salhmwp.