CVE-2021-4385: Changeset 2473452 for wp-private-content-plus – WordPress Plugin Repository
The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_groups() function. This makes it possible for unauthenticated attackers to add new group members via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
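As an added illustration (not the plugin's own code), the following WordPress form handler guards a state-changing admin action the way the r2473452 fix does, with a capability check placed ahead of the nonce check; the function names `wppcp_example_handle_add_member()` and `wppcp_example_render_nonce_field()` are assumed, while the nonce action and field name are the ones visible in the changeset.

```php
<?php
// Added example, not code from the plugin. Function names are hypothetical;
// the nonce action and field name are taken from the changeset.

function wppcp_example_handle_add_member() {
    // Authorization first: a nonce proves the request was intended by the
    // user, it does not prove the user is allowed to perform the action.
    if ( ! current_user_can( 'manage_options' ) ) {
        return false;
    }

    $field  = 'wppcp_backend_group_add_new_member_nonce';
    $action = 'wppcp-backend-group-add-new-member-nonce';

    // Vulnerable pattern (pre-fix, shown for contrast only):
    //   if ( isset( $_POST[ $field ] ) && ! wp_verify_nonce( $nonce, $action ) ) { return; }
    // A forged POST that simply omits the field never enters the branch,
    // so the privileged change below would run without any nonce at all.

    // Fixed pattern: a missing field is a rejection, not a skip.
    $nonce = isset( $_POST[ $field ] )
        ? sanitize_text_field( wp_unslash( $_POST[ $field ] ) )
        : '';
    if ( '' === $nonce || ! wp_verify_nonce( $nonce, $action ) ) {
        return false;
    }

    // ... perform the privileged change (e.g. add the member) here ...
    return true;
}

// When rendering the form, the action and field name must match the check
// above exactly, otherwise every legitimate submission is rejected.
function wppcp_example_render_nonce_field() {
    wp_nonce_field(
        'wppcp-backend-group-add-new-member-nonce',
        'wppcp_backend_group_add_new_member_nonce'
    );
}
```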
wp-private-content-plus/trunk/classes/class-wppcp-groups.php
r2162686
r2473452
189
189
sanitize\_text\_field($\_POST\['wppcp\_backend\_group\_add\_new\_member\_nonce'\]) : '';
190
190
191
if ( isset($\_POST\['wppcp\_backend\_group\_add\_new\_member\_nonce'\]) && ! wp\_verify\_nonce( $nonce, 'wppcp-backend-group-add-new-member-nonce' ) ) {
191
if ( ! isset($\_POST\['wppcp\_backend\_group\_add\_new\_member\_nonce'\]) || ! wp\_verify\_nonce( $nonce, 'wppcp-backend-group-add-new-member-nonce' ) ) {
192
192
return;
193
193
}
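Review bot: the original condition `isset($_POST['wppcp_backend_group_add_new_member_nonce']) && ! wp_verify_nonce( $nonce, ... )` only rejected requests that carried a nonce field with a bad value; a forged POST that omits the field never entered the branch and proceeded unchecked, which is the CSRF described in the advisory. The new `! isset(...) || ! wp_verify_nonce(...)` also rejects the missing-field case, which is the correct fix. No capability check is visible ahead of this nonce test in the hunk; confirm that save_groups() is only reachable by users holding the appropriate capability, since a nonce proves request intent rather than authorization.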
wp-private-content-plus/trunk/classes/class-wppcp-menu.php
r2149488
r2473452
131
131
132
132
if( ( current\_user\_can('manage\_options') || current\_user\_can('wppcp\_manage\_options') )
133
&& wp\_verify\_nonce( $\_POST\['wppcp\_nav\_menu\_page\_nonce\_field'\], 'wppcp\_nav\_menu\_page\_nonce' )) {
133
&& isset($\_POST\['wppcp\_nav\_menu\_page\_nonce\_field'\]) && wp\_verify\_nonce( $\_POST\['wppcp\_nav\_menu\_page\_nonce\_field'\], 'wppcp\_nav\_menu\_page\_nonce' )) {
134
134
135
135
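Review bot: the added `isset($_POST['wppcp_nav_menu_page_nonce_field'])` before `wp_verify_nonce(...)` mainly avoids an undefined-index notice; `wp_verify_nonce()` already returns false for a missing or empty nonce, so this hunk did not itself allow a CSRF bypass. The capability check on the preceding line (`current_user_can('manage_options') || current_user_can('wppcp_manage_options')`) is in the right order, capability first, then nonce. For consistency with the groups class, consider passing the field through `sanitize_text_field( wp_unslash( ... ) )` before verification.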
wp-private-content-plus/trunk/classes/class-wppcp-settings.php
r2299063
r2473452
86
86
&& isset($\_POST\['wppcp\_tab'\]) ){
87
87
88
if( isset($\_GET\['page'\]) && in\_array($\_GET\['page'\],$wppcp\_settings\_pages) && wp\_verify\_nonce( $\_POST\['wppcp\_settings\_page\_nonce\_field'\], 'wppcp\_settings\_page\_nonce' ) ) {
88
if( isset($\_GET\['page'\]) && in\_array($\_GET\['page'\],$wppcp\_settings\_pages) && isset($\_POST\['wppcp\_settings\_page\_nonce\_field'\]) && wp\_verify\_nonce( $\_POST\['wppcp\_settings\_page\_nonce\_field'\], 'wppcp\_settings\_page\_nonce' ) ) {
89
89
90
90
$tab = '';
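Review bot: same defensive `isset()` guard as in class-wppcp-menu.php, with no change to the nonce validation outcome. Unlike the menu hunk, no `current_user_can()` call appears in this condition: the settings save path is gated only by the page name and the nonce, so it relies on a capability check elsewhere (for example at admin page registration) that is not visible here. Worth verifying, and if it is absent, adding one ahead of the nonce test.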
wp-private-content-plus/trunk/lang/wppcp-en_US.po
r2388177
r2473452
2
2
msgstr ""
3
3
"Project-Id-Version: WP Private Content Plus\\n"
4
"POT-Creation-Date: 2020-09-25 15:06+0530\\n"
5
"PO-Revision-Date: 2020-09-25 15:06+0530\\n"
4
"POT-Creation-Date: 2021-02-12 08:07+0530\\n"
5
"PO-Revision-Date: 2021-02-12 08:07+0530\\n"
6
6
"Last-Translator: \\n"
7
7
"Language-Team: WPExpertDeveloper <[email protected]>\\n"
…
…
666
666
667
667
#: admin/templates/welcome-screen.php:12
668
msgid "How to protect your first post?"
668
msgid "Quick Overview"
669
669
msgstr ""
670
670
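Review bot: the .po regeneration (header dates and the msgid change at line 668 from "How to protect your first post?" to "Quick Overview") is unrelated to the security fix; bundling translation-template churn into a security release makes the relevant change harder to review and to backport. The msgstr for the renamed string stays empty, so nothing is lost in this file, but existing translations of the old msgid in other locales will go stale.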
wp-private-content-plus/trunk/readme.txt
r2471661
r2473452
5
5
Requires at least: 4.3.1
6
6
Tested up to: 5.6.1
7
Stable tag: 3.1
7
Stable tag: 3.2
8
8
9
9
License: GPLv2 or later
…
…
182
182
\== Changelog ==
183
183
184
\= 3.2 =
185
\* Fix security issue related to group creation
186
184
187
\= 3.1 =
185
188
\* Resolve dependency issues for jQuery new version
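Review bot: the changelog entry "Fix security issue related to group creation" does not describe the change, which hardens the nonce check on the add-new-member path in class-wppcp-groups.php (plus the menu and settings save handlers). A changelog line naming the affected action (adding group members via a forged request) and referencing the advisory would help site owners judge the urgency of updating.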
wp-private-content-plus/trunk/wp-private-content-plus.php
r2471661
r2473452
4
4
Plugin URI: https://www.wpexpertdeveloper.com/wp-private-content-plus/
5
5
Description: Advanced private content restrictions for WordPress
6
Version: 3.1
6
Version: 3.2
7
7
Author: Rakhitha Nimesh
8
8
Author URI: https://www.wpexpertdeveloper.com
…
…
14
14
15
15
if ( ! defined( 'WPPCP\_VERSION' ) ) {
16
define( 'WPPCP\_VERSION', '3.1' );
16
define( 'WPPCP\_VERSION', '3.2' );
17
17
}
18
18