Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-2189: Widgets.php in stax-addons-for-elementor/trunk/core/admin/pages – WordPress Plugin Repository

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets.

CVE
Open in Source
#wordpress#php#auth

Last change on this file was 2294272, checked in by , 3 years ago

Version 1.4.0

File size: 1.9 KB

Line

1

<?php

2

3

namespace StaxAddons;

4

5

if ( ! defined( ‘ABSPATH’ ) ) {

6

    exit; // Exit if accessed directly.

7

}

8

9

/**

10

* Class Widgets

11

* @package StaxAddons

12

*/

13

class Widgets extends Base {

14

15

    /\*\*

16

     \* Settings constructor.

17

     \*/

18

    public function \_\_construct() {

19

            $this\->current\_slug \= 'widgets';

20

21

            if ( Plugin::instance()\->is\_current\_page( $this\->current\_slug ) ) {

22

                    add\_filter( STAX\_EL\_HOOK\_PREFIX . 'current\_slug', \[ $this, 'set\_page\_slug' \] );

23

                    add\_filter( STAX\_EL\_HOOK\_PREFIX . 'welcome\_wrapper\_class', \[ $this, 'set\_wrapper\_classes' \] );

24

                    add\_action( STAX\_EL\_HOOK\_PREFIX . $this\->current\_slug . '\_page\_content', \[ $this, 'panel\_content' \] );

25

            }

26

27

            add\_filter( STAX\_EL\_HOOK\_PREFIX . 'admin\_menu', \[ $this, 'add\_menu\_item' \] );

28

            add\_action( 'admin\_post\_stax\_widget\_activation', \[ $this, 'toggle\_widget' \] );

29

    }

30

31

    public function toggle\_widget() {

32

            if ( ! isset( $\_POST\['action'\] ) || $\_POST\['action'\] !== 'stax\_widget\_activation' ) {

33

                    wp\_redirect( admin\_url( 'admin.php?page=' . STAX\_EL\_SLUG\_PREFIX . $this\->current\_slug ) );

34

            }

35

36

            $options \= \[\];

37

38

            $widgets \= StaxWidgets::instance()\->get\_widgets();

39

40

            foreach ( $widgets as $widget ) {

41

                    $valid \= false;

42

43

                    if ( isset( $\_POST\[ $widget\['slug'\] \] ) ) {

44

                            $valid \= true;

45

                    }

46

47

                    if ( ! $valid ) {

48

                            $options\[ $widget\['slug'\] \] \= true;

49

                    }

50

            }

51

52

            update\_option( '\_stax\_addons\_disabled\_widgets', $options );

53

54

            wp\_redirect( admin\_url( 'admin.php?page=' . STAX\_EL\_SLUG\_PREFIX . $this\->current\_slug ) );

55

            exit();

56

    }

57

58

    /\*\*

59

     \* Panel content

60

     \*/

61

    public function panel\_content() {

62

            Utils::load\_template( 'core/admin/pages/templates/widgets', \[

63

                    'widgets' \=> StaxWidgets::instance()\->get\_widgets( false, true )

64

            \] );

65

    }

66

67

    public function add\_menu\_item( $menu ) {

68

            $menu\[\] \= \[

69

                    'name'     \=> \_\_( 'Widgets', 'stax-addons-for-elementor' ),

70

                    'link'     \=> admin\_url( 'admin.php?page=' . STAX\_EL\_SLUG\_PREFIX . $this\->current\_slug ),

71

                    'priority' \=> 2

72

            \];

73

74

            return $menu;

75

    }

76

77

}

78

79

Widgets::instance();

Note: See TracBrowser for help on using the repository browser.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE