Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3426272

Timestamp:

12/23/2025 02:35:01 PM (3 months ago)

Author:

NicolasKulka

Message:

Fix vulnerability (Thanks Legion Hunter - Patchstack) : Subscriber level user can inject any option field for option name "wps_display" via AJAX.

Location:

wps-bidouille

Files:

: 112 added
: 5 edited

tags/1.33.2 (added)
tags/1.33.2/admin_page (added)
tags/1.33.2/admin_page/plugin.php (added)
tags/1.33.2/admin_page/remove_from_cache.php (added)
tags/1.33.2/admin_page/suggest_plugins_themes.php (added)
tags/1.33.2/admin_page/suggestions.php (added)
tags/1.33.2/admin_page/tools.php (added)
tags/1.33.2/admin_page/white_label.php (added)
tags/1.33.2/assets (added)
tags/1.33.2/assets/css (added)
tags/1.33.2/assets/css/style.css (added)
tags/1.33.2/assets/fontawesome (added)
tags/1.33.2/assets/fontawesome/fontawesome-all.min.js (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/fontawesome-all.min.css (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-brands-400.eot (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-brands-400.svg (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-brands-400.ttf (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-brands-400.woff (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-brands-400.woff2 (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-light-300.eot (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-light-300.svg (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-light-300.ttf (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-light-300.woff (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-light-300.woff2 (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-regular-400.eot (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-regular-400.svg (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-regular-400.ttf (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-regular-400.woff (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-regular-400.woff2 (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-solid-900.eot (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-solid-900.svg (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-solid-900.ttf (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-solid-900.woff (added)
tags/1.33.2/assets/fontawesome/web-fonts-with-css/webfonts/fa-solid-900.woff2 (added)
tags/1.33.2/assets/img (added)
tags/1.33.2/assets/img/bg_pub.png (added)
tags/1.33.2/assets/img/bg_title_plugin.png (added)
tags/1.33.2/assets/img/check-and-tools-logo-in-plugin.png (added)
tags/1.33.2/assets/img/icone-encours.png (added)
tags/1.33.2/assets/js (added)
tags/1.33.2/assets/js/functions.js (added)
tags/1.33.2/assets/js/jquery (added)
tags/1.33.2/assets/js/jquery-tiptip (added)
tags/1.33.2/assets/js/jquery-tiptip/jquery.tipTip.js (added)
tags/1.33.2/assets/js/jquery-tiptip/jquery.tipTip.min.js (added)
tags/1.33.2/assets/js/jquery/jquery-migrate.min.js (added)
tags/1.33.2/assets/js/jquery/jquery.min.js (added)
tags/1.33.2/assets/js/notifs.js (added)
tags/1.33.2/autoload.php (added)
tags/1.33.2/blocks (added)
tags/1.33.2/blocks/check_cache.php (added)
tags/1.33.2/blocks/check_old_plugins.php (added)
tags/1.33.2/blocks/db_prefix.php (added)
tags/1.33.2/blocks/logs.php (added)
tags/1.33.2/blocks/menu.php (added)
tags/1.33.2/blocks/mysql.php (added)
tags/1.33.2/blocks/notifications.php (added)
tags/1.33.2/blocks/optimisations.php (added)
tags/1.33.2/blocks/pub.php (added)
tags/1.33.2/blocks/pub_wpboutik.php (added)
tags/1.33.2/blocks/report_system.php (added)
tags/1.33.2/blocks/server_information.php (added)
tags/1.33.2/blocks/settings_autoupdate.php (added)
tags/1.33.2/blocks/ssl.php (added)
tags/1.33.2/blocks/suggest (added)
tags/1.33.2/blocks/suggest/plugin_premiums.php (added)
tags/1.33.2/blocks/suggest/theme_premiums.php (added)
tags/1.33.2/blocks/suggest/themes.php (added)
tags/1.33.2/blocks/title.php (added)
tags/1.33.2/blocks/update_traduction.php (added)
tags/1.33.2/blocks/user_info.php (added)
tags/1.33.2/blocks/wpboutik.php (added)
tags/1.33.2/blocks/wps_cleaner.php (added)
tags/1.33.2/blocks/wps_hide_login.php (added)
tags/1.33.2/blocks/wps_limit_login.php (added)
tags/1.33.2/classes (added)
tags/1.33.2/classes/db-prefix.php (added)
tags/1.33.2/classes/disable-rest-api (added)
tags/1.33.2/classes/disable-rest-api/disable-rest-api.php (added)
tags/1.33.2/classes/helpers.php (added)
tags/1.33.2/classes/plugin.php (added)
tags/1.33.2/classes/removefromcache.php (added)
tags/1.33.2/classes/singleton.php (added)
tags/1.33.2/classes/suggest-plugins-themes.php (added)
tags/1.33.2/classes/suggestions.php (added)
tags/1.33.2/classes/systemreport.php (added)
tags/1.33.2/classes/tools.php (added)
tags/1.33.2/classes/whitelabel.php (added)
tags/1.33.2/composer.json (added)
tags/1.33.2/composer.lock (added)
tags/1.33.2/languages (added)
tags/1.33.2/languages/wps-bidouille-fr_FR.mo (added)
tags/1.33.2/languages/wps-bidouille-fr_FR.po (added)
tags/1.33.2/languages/wps-bidouille.pot (added)
tags/1.33.2/readme.txt (added)
tags/1.33.2/vendor (added)
tags/1.33.2/vendor/autoload.php (added)
tags/1.33.2/vendor/composer (added)
tags/1.33.2/vendor/composer/ClassLoader.php (added)
tags/1.33.2/vendor/composer/InstalledVersions.php (added)
tags/1.33.2/vendor/composer/LICENSE (added)
tags/1.33.2/vendor/composer/autoload_classmap.php (added)
tags/1.33.2/vendor/composer/autoload_namespaces.php (added)
tags/1.33.2/vendor/composer/autoload_psr4.php (added)
tags/1.33.2/vendor/composer/autoload_real.php (added)
tags/1.33.2/vendor/composer/autoload_static.php (added)
tags/1.33.2/vendor/composer/installed.json (added)
tags/1.33.2/vendor/composer/installed.php (added)
tags/1.33.2/vendor/composer/platform_check.php (added)
tags/1.33.2/wps-bidouille.php (added)
trunk/admin_page/plugin.php (modified) (1 diff)
trunk/assets/js/functions.js (modified) (3 diffs)
trunk/classes/plugin.php (modified) (3 diffs)
trunk/readme.txt (modified) (2 diffs)
trunk/wps-bidouille.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

wps-bidouille/trunk/admin_page/plugin.php

r3099121	r3426272
5	5	} ?>
6	6
7		<div id="plugin-filter" class="wrap">
	7	<div id="plugin-filter" class="wrap" data-nonce="<?php echo wp_create_nonce('wps_bidouille_display'); ?>">
8	8	<?php
9	9	include( WPS_BIDOUILLE_DIR . 'blocks/title.php' );

wps-bidouille/trunk/assets/js/functions.js

-                      r2360339
+                      r3426272
         var h2 = $(this).parent().find('h2');
         var option_name = $(this).parent().attr('id');
+        var nonce = $(this).parent().parent().parent().data('nonce');
         if (elem.hasClass('wps-hide')) {
             elem.removeClass('wps-hide').addClass('wps-view');
 …
             data = {
                 'action': 'delete_option_wps_display',
+                'wps-nonce': nonce,
                 'option_name': option_name
             };
 …
             data = {
                 'action': 'add_option_wps_display',
+                'wps-nonce': nonce,
                 'option_name': option_name
             };

wps-bidouille/trunk/classes/plugin.php

-                      r2659149
+                      r3426272
             'jquery',
             'select2'
         ), false, true );
+        ), WPS_BIDOUILLE_VERSION, true );
         wp_localize_script(
 …
     public static function add_option_wps_display() {
+        if ( ! isset( $_POST['wps-nonce'] ) || ! wp_verify_nonce( $_POST['wps-nonce'], 'wps_bidouille_display' ) ) {
+            return false;
+        }
         $option_name = sanitize_text_field( $_POST['option_name'] );
         if ( is_multisite() ) {
 …
     public static function delete_option_wps_display() {
+        if ( ! isset( $_POST['wps-nonce'] ) || ! wp_verify_nonce( $_POST['wps-nonce'], 'wps_bidouille_display' ) ) {
+            return false;
+        }
         $option_name = sanitize_text_field( $_POST['option_name'] );
         if ( is_multisite() ) {

wps-bidouille/trunk/readme.txt

-                      r3316782
+                      r3426272
 Requires at least: 4.2
 Tested up to: 6.8
 Stable tag: 1.33.1
+Stable tag: 1.33.2
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+= 1.33.2 =
+* Fix vulnerability (Thanks Legion Hunter - Patchstack) : Subscriber level user can inject any option field for option name "wps_display" via AJAX.
 = 1.33.1 =
 * Tested up to 6.8

wps-bidouille/trunk/wps-bidouille.php

-                      r3316782
+                      r3426272
 Author: WPServeur, NicolasKulka, Benoti, wpformation
 Author URI: https://wpserveur.net
 Version: 1.33.1
+Version: 1.33.2
 Requires at least: 4.2
 Tested up to: 6.8
 …
 // Plugin constants
 define( 'WPS_BIDOUILLE_VERSION', '1.33.1' );
+define( 'WPS_BIDOUILLE_VERSION', '1.33.2' );
 define( 'WPS_BIDOUILLE_FOLDER', 'wps-bidouille' );
 define( 'WPS_BIDOUILLE_BASENAME', plugin_basename( __FILE__ ) );

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory