Headline

CVE-2023-2733: Diff [2910707:2913397] for mstore-api – WordPress Plugin Repository

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.

1 year ago

CVE

Open in Source

#sql #js #git #wordpress #php #auth

mstore-api/trunk/controllers/flutter-user.php

r2910707

r2913397

215

            'methods' => 'GET',

216

            'callback' => array($this, 'check\_user'),

217

            'permission\_callback' => function () {

218

                return parent::checkApiPermission();

219

220

),

221

));

222

223

    register\_rest\_route($this->namespace, '/test\_push\_notification', array(

224

        array(

225

            'methods' => 'POST',

226

            'callback' => array($this, 'test\_push\_notification'),

227

            'permission\_callback' => function () {

228

                return parent::checkApiPermission();

229

230

),

231

));

232

233

    register\_rest\_route($this->namespace, '/test\_push\_notification\_created\_order', array(

234

        array(

235

            'methods' => 'POST',

236

            'callback' => array($this, 'test\_push\_notification\_created\_order'),

237

217

            'permission\_callback' => function () {

238

218

                return parent::checkApiPermission();

…

1194

1174

1195

1175

1196

public function test\_push\_notification()

1197

1198

    $json = file\_get\_contents('php://input');

1199

    $params = json\_decode($json);

1200

    $email = $params->email;

1201

    $is\_manager = $params->is\_manager;

1202

    $is\_delivery = $params->is\_delivery;

1203

    $user = get\_user\_by('email', $email);

1204

    $user\_id = $user->ID;

1205

    $serverKey = get\_option("mstore\_firebase\_server\_key");

1206

    $status = false;

1207

    $is\_onesignal = $params->is\_onesignal;

1208

    if($is\_onesignal){

1209

        $status = one\_signal\_push\_notification("Fluxstore", "Test push notification", array($user\_id));

1210

        return \['status' => $status\];

1211

1212

    if (isset($is\_manager)) {

1213

        if ($is\_manager) {

1214

            $deviceToken = get\_user\_meta($user\_id, 'mstore\_manager\_device\_token', true);

1215

            if ($deviceToken) {

1216

                $status = pushNotification("Fluxstore", "Test push notification", $deviceToken);

1217

1218

1219

        return \["deviceToken" => $deviceToken, 'serverKey' => $serverKey, 'status' => $status\];

1220

1221

    if (isset($is\_delivery)) {

1222

        if ($is\_delivery) {

1223

            $deviceToken = get\_user\_meta($user\_id, 'mstore\_delivery\_device\_token', true);

1224

            if ($deviceToken) {

1225

                $status = pushNotification("Fluxstore", "Test push notification", $deviceToken);

1226

1227

1228

        return \["deviceToken" => $deviceToken, 'serverKey' => $serverKey, 'status' => $status\];

1229

1230

    $deviceToken = get\_user\_meta($user\_id, 'mstore\_device\_token', true);

1231

    if ($deviceToken) {

1232

        $status = pushNotification("Fluxstore", "Test push notification", $deviceToken);

1233

1234

    return \["deviceToken" => $deviceToken, 'serverKey' => $serverKey, 'status' => $status\];

1235

1236

1237

function test\_push\_notification\_created\_order(){

1238

    $json = file\_get\_contents('php://input');

1239

    $params = json\_decode($json);

1240

    return trackNewOrder($params->order\_id);

1241

1242

1243

1176

function chat\_notification()

1244

1177

mstore-api/trunk/controllers/flutter-woo.php

r2910707

r2913397

743

744

745

    if (isset($body\["customer\_id"\]) && $body\["customer\_id"\] != null) {

746

        $userId = $body\["customer\_id"\];

747

        $user = get\_userdata($userId);

748

        if ($user) {

749

            wp\_set\_current\_user($userId, $user->user\_login);

750

            wp\_set\_auth\_cookie($userId);

751

            WC()->customer = new WC\_Customer($userId, true);

752

745

    $cookie = $request->get\_header("User-Cookie");

746

    if (isset($cookie) && $cookie != null) {

747

        $user\_id = validateCookieLogin($cookie);

748

        if (is\_wp\_error($user\_id)) {

749

            return $user\_id;

750

751

        wp\_set\_current\_user($user\_id);

752

        wp\_set\_auth\_cookie($user\_id);

753

        WC()->customer = new WC\_Customer($user\_id, true);

753

754

755

mstore-api/trunk/functions/index.php

r2910707

r2913397

113

114

if (isset($deviceToken) && $deviceToken != false) {

115

    pushNotification($title, $message, $deviceToken);

116

117

one\_signal\_push\_notification($title,$message,array($userId));

115

    \_pushNotificationFirebase($userId,$title, $message, $deviceToken);

116

117

\_pushNotificationOneSignal($userId, $title,$message);

118

}

119

…

142

        $result = $wpdb->get\_results($sql);

143

144

        $user\_ids = array();

145

144

        foreach ($result as $item) {

146

            $user\_ids\[\]=$item->delivery\_boy;

147

145

            $deviceToken = get\_user\_meta($item->delivery\_boy, 'mstore\_delivery\_device\_token', true);

148

146

            if (isset($deviceToken) && $deviceToken != false) {

149

                pushNotification($title, $message, $deviceToken);

147

                \_pushNotificationFirebase($item->delivery\_boy,$title, $message, $deviceToken);

150

148

151

152

        one\_signal\_push\_notification($title,$message, $user\_ids);

149

            \_pushNotificationOneSignal($title,$message, $item->delivery\_boy);

150

153

151

154

152

…

176

174

        $deviceToken = get\_user\_meta($driver\_id, 'mstore\_delivery\_device\_token', true);

177

175

        if (isset($deviceToken) && $deviceToken != false) {

178

            pushNotification($title, $message, $deviceToken);

176

            \_pushNotificationFirebase($driver\_id,$title, $message, $deviceToken);

179

177

            $wpdb->insert($table\_name, array(

180

178

                'message' => $message,

…

202

200

$deviceToken = get\_user\_meta($order\_seller\_id, 'mstore\_device\_token', true);

203

201

if (isset($deviceToken) && $deviceToken != false) {

204

    pushNotification($title, $message, $deviceToken);

202

    \_pushNotificationFirebase($order\_seller\_id,$title, $message, $deviceToken);

205

203

206

204

$managerDeviceToken = get\_user\_meta($order\_seller\_id, 'mstore\_manager\_device\_token', true);

207

205

if (isset($managerDeviceToken) && $managerDeviceToken != false) {

208

    pushNotification($title, $message, $managerDeviceToken);

206

    \_pushNotificationFirebase($order\_seller\_id,$title, $message, $managerDeviceToken);

209

207

    if (is\_plugin\_active('wc-multivendor-marketplace/wc-multivendor-marketplace.php')) {

210

208

        wcfm\_message\_on\_new\_order($order\_id);

211

209

212

210

213

one\_signal\_push\_notification($title, $message, array($order\_seller\_id));

211

\_pushNotificationOneSignal($order\_seller\_id,$title, $message);

214

212

}

215

213

…

611

609

    $managerDeviceToken = get\_user\_meta($seller\_id, 'mstore\_manager\_device\_token', true);

612

610

    if (isset($managerDeviceToken) && $managerDeviceToken != false) {

613

        pushNotification($title, $message, $managerDeviceToken);

614

615

    one\_signal\_push\_notification($title, $message, array($seller\_id));

616

611

        \_pushNotificationFirebase($seller\_id, $title, $message, $managerDeviceToken);

612

613

    \_pushNotificationOneSignal($seller\_id,$title, $message);

614

615

}

616

617

function _pushNotificationFirebase($user_id, $title, $message, $deviceToken){

618

$is\_on = isNotificationEnabled($user\_id);

619

if($is\_on){

620

    pushNotification($title, $message, $deviceToken);

621

622

}

623

624

function _pushNotificationOneSignal($user_id, $title, $message){

625

$is\_on = isNotificationEnabled($user\_id);

626

if($is\_on){

627

    one\_signal\_push\_notification($title,$message,array($userId));

628

629

}

630

631

function isNotificationEnabled($user_id){

632

$is\_on = get\_user\_meta($user\_id, "mstore\_notification\_status", true);

633

return  $is\_on === "" || $is\_on === "on";

617

634

}

618

635

mstore-api/trunk/mstore-api.php

r2910707

r2913397

* Plugin URI: https://github.com/inspireui/mstore-api

* Description: The MStore API Plugin which is used for the MStore and FluxStore Mobile App

* Version: 3.9.0

* Version: 3.9.1

* Author: InspireUI

* Author URI: https://inspireui.com

…

include_once plugin_dir_path(__FILE__) . "controllers/flutter-wholesale.php";

include_once plugin_dir_path(__FILE__) . "controllers/flutter-stripe.php";

include_once plugin_dir_path(__FILE__) . "controllers/flutter-notification.php";

class MstoreCheckOut

{

public $version = '3.9.0';

public $version = '3.9.1';

public function \_\_construct()

mstore-api/trunk/readme.txt

r2910707

r2913397

Requires at least: 4.4

Tested up to: 6.0.0

Stable tag: 3.9.0

Stable tag: 3.9.1

License: GPL-2.0

License URI: https://www.gnu.org/licenses/gpl-2.0.html

…

== Changelog ==

= 3.9.1 =

* Fix security issue for coupon api

= 3.9.0 =

* Fix to push notification to seller when order created

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

10 months ago

10 months ago

10 months ago

10 months ago

10 months ago