As found out by different sources, all current versions of Website Baker are vulnerable to CSRF attacks.
(If you do not know what CSRF is, google for it or have a look into Wikipedia.)
The upcoming version 2.8.2 of Website Baker will not be vulnerable anymore, but is not available yet.
To some degree, you can protect yourself against CSRF attacks if you do as follows:
- 1. If you did it not already, install a second web browser
- 2. Use another than your default web browser to administer your Website Baker site. The default browser is the one who opens when you click on a link in your email program, for instance.
- 3. In the browser you are using for administration, do not open any other web pages as long as you are logged on to your WB site. Use the default browser for opening any other web site.
- 4. As soon as you finished your administration task, log off from the WB site.