
CVE-2023-2353: Changeset 2926660 for chp-ads-block-detector – WordPress Plugin Repository

The CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update and reset due to a missing capability check on the chp_abd_action function in versions up to, and including, 3.9.4. This makes it possible for subscriber-level attackers to change or reset plugin settings. CVE-2023-36509 appears to be a duplicate of this issue.
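
The missing check described above, sketched as a hardened AJAX handler. This is an added example, not the plugin's code: the hook name `wp_ajax_chp_abd_action`, the option name `chp_abd_example_settings`, and the `mode` and `settings` request fields with their keys are assumptions; only the function name `chp_abd_action` and the nonce action `update_chpadb_settings` come from this page.

```php
<?php
// Added example: hypothetical handler, not the plugin's implementation.
// wp_ajax_{action} hooks fire for ANY logged-in user, subscribers included,
// so the callback itself has to enforce authorization.
add_action( 'wp_ajax_chp_abd_action', 'chp_abd_action' ); // hook name assumed

function chp_abd_action() {
    // 1. CSRF: verify the nonce printed by wp_nonce_field( 'update_chpadb_settings' ).
    //    With the third argument false, failure returns false instead of dying.
    if ( ! check_ajax_referer( 'update_chpadb_settings', '_wpnonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // 2. Authorization: a nonce guards against forged requests; it is not a
    //    privilege check, so the capability is tested separately.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $option = 'chp_abd_example_settings'; // assumed option name
    $mode   = isset( $_POST['mode'] ) ? sanitize_key( wp_unslash( $_POST['mode'] ) ) : '';

    if ( 'reset' === $mode ) {
        delete_option( $option );
        wp_send_json_success( array( 'message' => 'Settings reset' ) );
    }

    // 3. Accept only known keys and sanitize each value before storing it.
    $allowed = array( 'title', 'content' ); // assumed setting keys
    $raw     = isset( $_POST['settings'] ) && is_array( $_POST['settings'] )
        ? wp_unslash( $_POST['settings'] )
        : array();
    $clean   = array();
    foreach ( $allowed as $key ) {
        if ( isset( $raw[ $key ] ) && is_string( $raw[ $key ] ) ) {
            $clean[ $key ] = sanitize_text_field( $raw[ $key ] );
        }
    }

    update_option( $option, $clean );
    wp_send_json_success( array( 'message' => 'Settings saved' ) );
}
```

Both `wp_send_json_error()` and `wp_send_json_success()` end the request, so no code runs past a failed check.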


Timestamp:

06/15/2023 03:32:05 PM (3 months ago)

sureshchand12a

Message:

Security Update

Location:

chp-ads-block-detector/trunk

Files:

  • chp-adsblocker-detector.php (2 diffs)
  • composer.json (1 diff)
  • readme.md (1 diff)
  • readme.txt (2 diffs)
  • view/footer_part.php (2 diffs)
  • view/settings.php (1 diff)


  • chp-ads-block-detector/trunk/chp-adsblocker-detector.php

    r2922313

    r2926660

5

5

 \* Plugin URI:        https://chpadblock.com

6

6

 \* Description:       CHP Ads Block Detector plugin is developed in order to  detect most of the AdBlock extensions installed on the browser and show a popup to disable the extension. This plugin restricts the user to access the page unless the user will disable the extension for your website.

7

 

 \* Version:           3.9.7

 

7

 \* Version:           3.9.8

8

8

 \* Requires at least: 5.2

9

9

 \* Requires PHP:      7.2

…

…

 

124

124

            //load all the constants

125

125

            $consts = array(

126

 

                'CHP\_ADSB\_VERSION' => '3.9.7',

 

126

                'CHP\_ADSB\_VERSION' => '3.9.8',

127

127

                'CHP\_ADSB\_DIR' => plugin\_dir\_path(\_\_FILE\_\_),

128

128

                'CHP\_ADSB\_URL' => plugin\_dir\_url(\_\_FILE\_\_),
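
Review bot: The commit message "Security Update" is not explained by this file: both of its diffs (header line 7 and the CHP_ADSB_VERSION constant on line 126) only change 3.9.7 to 3.9.8, and no handler or permission check is touched. Please say in the message which function or output was changed for security reasons, so that a reader of the changeset can verify the fix rather than infer it from the version bump.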
  • chp-ads-block-detector/trunk/composer.json

    r2922313

    r2926660

1

1

{

2

2

    "name": "scthakuri12a/chp-ads-block-detector",

3

 

    "version": "3.9.7",

 

3

    "version": "3.9.8",

4

4

    "description": "Block Ads Blocker Extensions and Increase your revenue by using Ads Blocker Detector Plugin",

5

5

    "homepage": "https://wordpress.org/plugins/chp-ads-block-detector/",
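
Review bot: The "version" field on line 3 is another hand-edited copy of the release number, alongside the plugin header, the CHP_ADSB_VERSION constant and the readme.txt Stable tag changed in the same commit. Four literals that must move together are easy to leave out of sync; consider dropping the field from composer.json or generating all copies from one place in a release script.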
  • chp-ads-block-detector/trunk/readme.md

    r2922313

    r2926660

109

109

\*\*CHANGELOG\*\*

110

110

111

 

\> ## v3.9.7 (06/06/2023)

 

111

\> ## v3.9.8 (06/06/2023)

112

112

\>

113

113

\> - Security Update
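
Review bot: Line 111 renames the existing changelog heading from v3.9.7 to v3.9.8 instead of adding a new entry, so the 3.9.7 entry disappears from the history, and the date stays 06/06/2023 although this changeset is timestamped 06/15/2023. Add a separate v3.9.8 section above the v3.9.7 one with the actual release date.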
  • chp-ads-block-detector/trunk/readme.txt

    r2922313

    r2926660

4

4

Requires at least: 5.2

5

5

Tested up to: 6.2

6

 

Stable tag: 3.9.7

 

6

Stable tag: 3.9.8

7

7

Requires PHP: 7.2

8

8

License: GPLv2 or later

…

…

 

137

137

\== Changelog ==

138

138

139

 

\= 3.9.7 =

 

139

\= 3.9.8 =

140

140

\*  ☞ Security Update

141

141
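
Review bot: The changelog entry on line 139 is overwritten in place ("= 3.9.7 =" becomes "= 3.9.8 =") and its only text is "Security Update", which gives site owners nothing to judge upgrade urgency by. Keep the 3.9.7 entry, add a new 3.9.8 entry, and state what was fixed, for example which settings action now requires which capability.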
  • chp-ads-block-detector/trunk/view/footer_part.php

    r2912322

    r2926660

8

8

    $debug = apply\_filters('adb/debug/js', false);

9

9

    $onPageFullyLoaded = apply\_filters('adb/onpageload', true);

10

 

    $branding = apply\_filters('adb/branding', @$this->settings->branding);

11

 

12

 

    $brandingcode = '';

13

 

    if( filter\_var($branding, FILTER\_VALIDATE\_BOOLEAN) ){

14

 

        $brandingURLArray = array("https://chpadblock.com/", "https://toolkitspro.com");

15

 

        $brandingURLAlt = array("Best Wordpress Adblock Detecting Plugin | CHP Adblock", "100% Free SEO Tools - Tool Kits PRO");

16

 

        $random = array\_rand($brandingURLArray);

17

 

        $brandingURL = $brandingURLArray\[$random\];

18

 

        $brandingText = $brandingURLAlt\[$random\];

19

 

        $brandingcode = sprintf('<div class="%s"><a id="%s" href="%s" target="\_blank" rel="noopener noreferrer"><span class="%s" style="color: rgb(9, 13, 22);">Powered By</span> <div class="%s"><img src="%sassets/img/d.svg" alt="%s" /></div></a></div>', $this->rclass("chp\_branding"), $this->rclass("chp\_branding"), $brandingURL, $this->rclass("powered\_by"), $this->rclass("chp\_brading\_svg"), CHP\_ADSB\_URL, $brandingText);

20

 

    }

21

10

?>

22

11
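
Review bot: Removing old lines 10-20 also removes the 'adb/branding' filter, and neither changelog in this commit mentions it; any site hooking that filter silently stops having an effect. Note the removal in the changelog, and if the stored branding setting read here via $this->settings->branding has no other consumer, remove it from the settings form and saved options as well. The removed code built HTML with sprintf() without esc_url() or esc_attr() and suppressed errors with @, so dropping it is welcome.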

…

…

 

60

49

        </div>

61

50

    </div>

62

 

63

 

    <?php echo $brandingcode; ?>

64

51

</div>

65

52
  • chp-ads-block-detector/trunk/view/settings.php

    r2922313

    r2926660

241

241

    <div class="chp\_ads\_button\_row">

242

242

        <?php echo wp\_nonce\_field('update\_chpadb\_settings'); ?>

243

 

        <button class="button button-primary" type="button"

244

 

            id="chp\_ads\_save\_settings"><?php esc\_attr\_e('Save Changes', 'chp-adsblocker-detector'); ?></button>

245

 

        <button class="button button-secondary" type="button"

246

 

            id="chp\_ads\_reset\_settings"><?php esc\_attr\_e('Reset Changes', 'chp-adsblocker-detector'); ?></button>

 

243

        <button class="button button-primary" type="button" id="chp\_ads\_save\_settings"><?php esc\_attr\_e('Save Changes', 'chp-adsblocker-detector'); ?></button>

 

244

        <button class="button button-secondary" type="button" id="chp\_ads\_reset\_settings"><?php esc\_attr\_e('Reset Changes', 'chp-adsblocker-detector'); ?></button>

247

245

    </div>

248

246

</div>
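
Review bot: Context line 242 calls echo wp_nonce_field('update_chpadb_settings'), but wp_nonce_field() already prints the field by default and also returns it, so the hidden inputs are emitted twice; drop the echo. The changed lines 243-244 only join each button onto one line, so this file carries no security change. A nonce protects against forged requests and is not a privilege check, so the handler that receives this form still needs its own current_user_can() test, which this changeset does not show. Since the button labels are element content rather than attributes, esc_html_e() is the better fit than esc_attr_e().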
