CVE-2020-36756: Changeset 2371142 for wd-google-analytics – WordPress Plugin Repository
The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation in the create_csv_file() function. This makes it possible for unauthenticated attackers to create a CSV file via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
wd-google-analytics/trunk/config.php
r2154223
r2371142
14
14
define('GAWD_URL’, plugins_url(plugin_basename(dirname(__FILE__))));
15
15
define('GAWD_INC’, GAWD_URL . ‘/inc’);
16
define('GAWD_VERSION’, ‘1.2.8’);
16
define('GAWD_VERSION’, ‘1.2.9’);
17
17
18
18
$upload_dir = wp_upload_dir();
wd-google-analytics/trunk/gawd_class.php
r2151404
r2371142
304
304
public function create_csv_file(){
305
305
$response = array();
306
if(isset($\_POST\['security'\]) && !wp\_verify\_nonce($\_POST\['security'\], 'gawd\_admin\_page\_nonce')) {
306
if(!isset($\_POST\['security'\]) || !wp\_verify\_nonce($\_POST\['security'\], 'gawd\_admin\_page\_nonce')) {
307
307
$response\['error'\]\['code'\] = 'wrong\_nonce';
308
308
$response\['error'\]\['msg'\] = 'wrong\_nonce';
309
die(json\_encode($response));
310
}
311
312
$csv\_response = $this->generate\_csv\_file();
313
$response = array(
314
'success'=> $csv\_response\['success'\],
315
'error' => $csv\_response\['error'\],
316
'data' => $csv\_response\['data'\]
317
);
318
309
}
310
else {
311
$csv\_response = $this->generate\_csv\_file();
312
$response\['error'\] = (!empty($csv\_response\['error'\])) ? $csv\_response\['error'\] : '';
313
$response\['success'\] = (!empty($csv\_response\['success'\])) ? $csv\_response\['success'\] : '';
314
$response\['data'\] = (!empty($csv\_response\['data'\])) ? $csv\_response\['data'\] : '';
315
}
319
316
die(json\_encode($response));
320
317
}
…
…
342
339
);
343
340
344
if(isset($\_POST\['security'\]) && !wp\_verify\_nonce($\_POST\['security'\], 'gawd\_admin\_page\_nonce')) {
341
if(!isset($\_POST\['security'\]) || !wp\_verify\_nonce($\_POST\['security'\], 'gawd\_admin\_page\_nonce')) {
345
342
$response\['error'\]\['code'\] = 'wrong\_nonce';
346
343
$response\['error'\]\['msg'\] = 'wrong\_nonce';
…
…
352
349
}
353
350
}
354
355
356
include\_once 'library/gawd-email-class.php';
357
$email = new GAWD\_email();
358
if($email->parse\_ajax\_data() === false) {
359
$response\['error'\] = $email->get\_error();
360
if($die == true) {
361
die(json\_encode($response));
362
} else {
363
return $response;
364
}
365
}
366
367
$file\_response = $this->generate\_csv\_file();
368
if($file\_response\['success'\] === false) {
369
370
$response = array(
371
'success' => $file\_response\['success'\],
372
'error' => $file\_response\['error'\],
373
'data' => $file\_response\['data'\]
374
);
375
376
if($die == true) {
377
die(json\_encode($response));
378
} else {
379
return $response;
380
}
381
}
382
383
384
if($email->get\_period() !== 'once') {
385
$email->save\_email\_info($file\_response\['ajax\_args'\], $file\_response\['csv\_generator'\]);
386
387
$response\['success'\] = true;
388
$response\['data'\]\['msg'\] = 'Email successfully Scheduled </br> Go to <a href="admin.php?page=gawd\_settings#gawd\_emails\_tab">Settings page</a> to delete scheduled e-mails.';
389
if($die == true) {
390
die(json\_encode($response));
391
} else {
392
return $response;
393
}
394
}
395
396
$email->attach\_file($file\_response\['csv\_generator'\]);
397
if($email->send\_mail() === true) {
398
$response\['success'\] = true;
399
$response\['data'\]\['msg'\] = 'Email successfully sent.';
400
if($die == true) {
401
die(json\_encode($response));
402
} else {
403
return $response;
404
}
405
} else {
406
$response\['error'\]\['code'\] = 'fail\_to\_sent\_email';
407
$response\['error'\]\['code'\] = 'Fail to sent email.';
408
409
if($die == true) {
410
die(json\_encode($response));
411
} else {
412
return $response;
413
}
414
}
415
351
else {
352
include\_once 'library/gawd-email-class.php';
353
$email = new GAWD\_email();
354
if($email->parse\_ajax\_data() === false) {
355
$response\['error'\] = $email->get\_error();
356
if($die == true) {
357
die(json\_encode($response));
358
} else {
359
return $response;
360
}
361
}
362
363
$file\_response = $this->generate\_csv\_file();
364
if($file\_response\['success'\] === false) {
365
366
$response = array(
367
'success'=> $file\_response\['success'\],
368
'error' => $file\_response\['error'\],
369
'data' => $file\_response\['data'\]
370
);
371
372
if($die == true) {
373
die(json\_encode($response));
374
} else {
375
return $response;
376
}
377
}
378
379
380
if($email->get\_period() !== 'once') {
381
$email->save\_email\_info($file\_response\['ajax\_args'\], $file\_response\['csv\_generator'\]);
382
383
$response\['success'\] = true;
384
$response\['data'\]\['msg'\] = 'Email successfully Scheduled </br> Go to <a href="admin.php?page=gawd\_settings#gawd\_emails\_tab">Settings page</a> to delete scheduled e-mails.';
385
if($die == true) {
386
die(json\_encode($response));
387
} else {
388
return $response;
389
}
390
}
391
392
$email->attach\_file($file\_response\['csv\_generator'\]);
393
if($email->send\_mail() === true){
394
$response\['success'\] = true;
395
$response\['data'\]\['msg'\] = 'Email successfully sent.';
396
if($die == true) {
397
die(json\_encode($response));
398
} else {
399
return $response;
400
}
401
}else{
402
$response\['error'\]\['code'\] = 'fail\_to\_sent\_email';
403
$response\['error'\]\['code'\] = 'Fail to sent email.';
404
405
if($die == true) {
406
die(json\_encode($response));
407
} else {
408
return $response;
409
}
410
}
411
}
416
412
}
417
413
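Review bot: The corrected nonce condition at new line 306 of create_csv_file() now rejects requests that omit the token, but a nonce only proves the request was not forged, not that the caller is allowed to export data; the function is shown in full here and contains no capability test, so unless the ajax action is registered only for privileged users elsewhere, a check such as `if (!current_user_can('manage_options')) { die(json_encode(array('error' => 'no_permission'))); }` (capability chosen to match whatever gates the plugin's settings page; the response shape is a constructed example) should precede the nonce check, and the same applies to the second hunk at new line 341. Both checks could also be replaced by the WordPress helper `check_ajax_referer('gawd_admin_page_nonce', 'security');`, which covers the missing-parameter case and terminates the request itself. Separately, the failure branch of the second hunk at new lines 406-407 assigns `$response['error']['code']` twice, so the human-readable text overwrites the machine code; the second line should presumably be `$response['error']['msg'] = 'Fail to sent email.';` to match the code/msg pair used in the nonce-error branch. The function containing the second hunk begins before the hunk, so it is not possible to tell from here whether it performs a capability check earlier.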
wd-google-analytics/trunk/google-analytics-wd.php
r2214210
r2371142
3
3
* Plugin Name: 10WebAnalytics
4
4
* Plugin URI: https://10web.io/plugins/wordpress-google-analytics/
5
* Version: 1.2.8
5
* Version: 1.2.9
6
6
* Author: 10Web
7
7
* Author URI: https://10web.io/plugins/
wd-google-analytics/trunk/readme.txt
r2214210
r2371142
2
2
Contributors: 10web
3
3
Requires at least: 3.9
4
Tested up to: 5.1
5
Stable tag: 1.2.8
4
Tested up to: 5.5
5
Stable tag: 1.2.9
6
6
License: GPLv2 or later
7
7
License URI: http://www.gnu.org/licenses/gpl-2.0.html
…
…
23
23
24
24
https://www.youtube.com/watch?v=n1f7ECVFNPI
25
26
== Changelog ==
27
28
= 1.2.9 =
29
* Fixed: Vulnerability.
30
31
= 1.2.8 =
32
* Fixed: Security issues.
33
* Changed: Bootstrap library version
34
35
= 1.2.4 =
36
* Changed: Links to 10Web.io.
37
38
= 1.2.3 =
39
* Added: Alerts functionality
40
* Added: Emails functionality
41
* Fixed: Exclude tracking for user
42
43
= 1.2.2 =
44
* Fixed: Use of deprecated function in PHP 7.2
45
* Fixed: Notices in custom reports page
46
47
= 1.2.1 =
48
* Fixed: PHP error if PHP version < 5.5
49
50
= 1.2.0 =
51
* Improved: Plugin core functionality is rewritten. The plugin is faster and consumes less memory now.
52
* Improved: Google API client library is used in non-conflicting way.
53
* Improved: The size of the plugin is smaller now due to stripped version of Google library
54
* Improved: Better UX: some menues of the plugin are hidden when plugin has not been configured properly.
55
* Improved: UX when using custom client ID and secret
56
* Improved: New UI of reports, charts and tables
57
* Fixed: Security issues
58
* Fixed: Compatibility issues with Yoast SEO and UpdraftPlus plugins
59
* Fixed: Error notices if no web-property or multiple web-properties correspond to current site
60
* Fixed: Reports for page/post and frontend templates in metaboxes, admin bar, admin list screens and widget
61
* Fixed: User roles management
62
* Fixed: PHP error in admin reports for ecommerce
63
* Fixed: Numerous minor bugs
64
* Changed: Tracking settings are moved to settings page, as a separate tab
65
* Changed: Widgets options
66
* Changed: Emails, alerts, pushover and export features are temporary disabled
67
68
= 1.1.8 =
69
* Changed: Changed: Introducing brand new free plugin: SEO by 10Web.
70
71
= 1.1.7 =
72
* Changed: Deactivation popup.
73
74
= 1.1.6 =
75
* Added: Links to Reviews and Support Forum
76
77
= 1.1.5 =
78
* Fixed: PHP 5.4.0 compatibility
79
80
81
= 1.1.4 =
82
* Fixed: Compatibility issues with Constant Contact Forms, Updraftplus, Image Optimizer WD, Backup WD and some other plugins
83
* Fixed: JS errors on page/post editor
84
* Fixed: Old user account data partially preserved after reauthorization and uninstall
85
86
= 1.1.3 =
87
* Fixed: Empty settings page when plugin has token but accounts data lost for some reason
88
* Changed: Show notification to install Backup WD plugin only on plugin pages.
89
90
= 1.1.2 =
91
* Fixed: Conflict with some other plugins using Google API PHP library
92
* Fixed: Unable to authorize again after logout
93
* Fixed: JS errors on page/post editor if user not authenticated
94
* Change: Introducing Backup WD plugin
95
96
= 1.1.1 =
97
* Fixed: Reports for pages/posts in metabox
98
* Fixed: Multiple requests to Web-Dorado API for updates (Pro)
99
* Fixed: Multiple requests to Google Analytics API for management accounts
100
* Fixed: PHP 5.4.0 compatibility
101
* Changed: WD library initialization
102
103
= 1.1.0 =
104
* Changed: Improved UX of authentication
105
* Changed: Google API PHP Client library updated to the latest 2.2.0 version
106
* Changed: WD library updated to version 1.0.10
107
* Fixed: Fatal errors when WordPress could not establish secure connection with Google Analytics API
108
* Fixed: VanillaJS tracking code instead of jQuery
109
* Fixed: Escaping of custom tracking code
110
* Fixed: PHP notices in pages without global $post variable
111
112
= 1.0.22 =
113
* Changed: We temporarily disabled reports in admin dashboard and mailing
114
115
= 1.0.21 =
116
* Fixed: Network activation
117
118
= 1.0.20 =
119
* Fixed: Admin styles conflict because of bootstrap.css
120
121
= 1.0.19 =
122
* Changed: Show web-property-related message only in analytics page
123
* Fixed: Style conflict with jquery-ui.css
124
* Fixed: Error on PHP4
125
126
= 1.0.18 =
127
* Fixed: Bug on city/pageview report
128
129
= 1.0.17 =
130
* Added: Overview page
131
* Removed: Featured Plugins, Featured Themes pages
132
133
= 1.0.16 =
134
* Fixed: Bug on pagePath
135
* Changed: Message about deleted web property
136
137
= 1.0.15 =
138
* Fixed: Bug on date picker
139
* Changed: Improved error handling
140
* Added: New featured plugins
141
142
= 1.0.14 =
143
* Fixed: Analytics back end menu position conflict
144
* Fixed: Bug on deleted property check
145
* Added: Error log
146
147
= 1.0.13 =
148
* Fixed: Bug on Custom code option in tracking
149
150
= 1.0.12 =
151
* Fixed: Bug on report by individual post/page
152
153
= 1.0.11 =
154
* Added: Custom code option in tracking
155
156
= 1.0.10 =
157
* Fixed: Bug on sending a report to an email once
158
* Changed: New logo in dashboard menu and notices
159
* Fixed: Width issue with some reports
160
161
162
= 1.0.9 =
163
* Added: Option to select the time of the day for scheduled emails
164
* Changed: Save authenticate code with enter button
165
* Changed: Select permissions for user groups in a pop-up (Settings page)
166
* Fixed: minor bugs
167
168
= 1.0.8 =
169
* Added: Google Analytics reports for custom post types
170
* Added: New icon in the menu
171
* Added: New header on WordPress.org
172
* Fixed: JS error on creating new pages/posts
173
174
= 1.0.7 =
175
* Fixed: Bug in Site Content reports
176
177
= 1.0.6 =
178
* Fixed: User guide links
179
* Fixed: Bug on datepicker
180
* Fixed: Error when deleting the web property
181
* Added: Validation on the form for adding goals
182
183
= 1.0.5 =
184
* Fixed: PHP version conflict
185
* Added: Pro flags about additional functionality available in Pro version
186
* Added: Explanation texts and links to documentation on several pages
187
188
= 1.0.4 =
189
* Fixed: Unauthenticate issue
190
* Fixed: Errors for php version < 5.3
191
192
= 1.0.3 =
193
* Fixed: Front reports permissions
194
* Fixed: Analytics menu
195
* Fixed: Redirect to settings page if no profile added
196
197
= 1.0.2 =
198
* Changed: Site speed and Sales performance reports sorting
199
200
= 1.0.1 =
201
* Changed: Reports default sorting
202
203
= 1.0.0 =
204
* Initial version