Headline
CVE-2021-4401: Changeset 2473676 for analogwp-templates/trunk/inc/class-quick-edit.php – WordPress Plugin Repository
The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update style kits for posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Timestamp:
02/12/2021 11:28:47 AM (2 years ago)
mauryaratan
Message:
Tagging 1.8.1
File:
- analogwp-templates/trunk/inc/class-quick-edit.php (2 diffs)
Legend:
Unmodified
Added
Removed
analogwp-templates/trunk/inc/class-quick-edit.php
r2254130
r2473676
55
55
\*/
56
56
protected function update\_posts\_stylekit( $post\_id, $kit\_id ) {
57
58
if ( ! current\_user\_can( 'edit\_post', $post\_id ) ) {
59
return;
60
}
61
62
if ( ! check\_admin\_referer( plugin\_basename( \_\_FILE\_\_ ), 'ang\_sk\_update\_nonce' ) ) {
63
return;
64
}
65
57
66
if ( ! $kit\_id || '-1' === $kit\_id ) {
58
67
return;
…
…
157
166
\*/
158
167
public function quick\_edit\_save( $post\_id ) {
159
if ( ! current\_user\_can( 'edit\_post', $post\_id ) ) {
160
return;
161
}
162
163
if ( isset( $\_POST\['ang\_sk\_update\_nonce'\] ) && ! wp\_verify\_nonce( $\_POST\['ang\_sk\_update\_nonce'\], plugin\_basename( \_\_FILE\_\_ ) ) ) { // phpcs:ignore
164
return;
165
}
166
167
168
if ( isset( $\_POST\['ang\_stylekit'\] ) && '-1' !== $\_POST\['ang\_stylekit'\] ) {
168
169
$this->update\_posts\_stylekit( $post\_id, $\_POST\['ang\_stylekit'\] ); // phpcs:ignore
Note: See TracChangeset for help on using the changeset viewer.