CVE-2021-4405: Changeset 2473455 for elasticpress/trunk/includes/classes/Feature/Autosuggest/Autosuggest.php – WordPress Plugin Repository
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. The cause is an incorrect nonce check in the epio_send_autosuggest_allowed() function: the guard rejected a request only when an ep_epio_nonce value was present and failed wp_verify_nonce(), so a request that omitted the nonce parameter entirely passed straight through. This makes it possible for unauthenticated attackers to send the allowed parameters for autosuggest to elasticpress[.]io via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. Version 3.5.4 changes the condition to reject a missing nonce as well as an invalid one.
Timestamp:
02/12/2021 02:59:34 AM (2 years ago)
10upbot
Message:
Update to version 3.5.4 from GitHub
File:
- elasticpress/trunk/includes/classes/Feature/Autosuggest/Autosuggest.php (1 diff)
elasticpress/trunk/includes/classes/Feature/Autosuggest/Autosuggest.php
r2458479
r2473455
638
638
\*/
639
639
public function epio\_send\_autosuggest\_allowed() {
640
if ( ! empty( $\_REQUEST\['ep\_epio\_nonce'\] ) && ! wp\_verify\_nonce( $\_REQUEST\['ep\_epio\_nonce'\], 'ep-epio-set-autosuggest' ) ) {
640
if ( empty( $\_REQUEST\['ep\_epio\_nonce'\] ) || ! wp\_verify\_nonce( $\_REQUEST\['ep\_epio\_nonce'\], 'ep-epio-set-autosuggest' ) ) {
641
641
return;
642
642
}
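Review bot: the pre-change condition at line 640 treats an absent nonce as acceptable: `! empty( $_REQUEST['ep_epio_nonce'] ) && ! wp_verify_nonce( ... )` returns early only when a nonce is supplied and fails verification, so a cross-site form that simply omits ep_epio_nonce reaches the rest of epio_send_autosuggest_allowed(). The replacement `empty( ... ) || ! wp_verify_nonce( ... )` is the right predicate (reject unless the nonce is both present and valid). Two follow-ups worth raising: the visible lines show no capability check, and a valid nonce only proves the request originated from a page WordPress rendered for that user, not that the user is allowed to change autosuggest settings, so pair the nonce check with current_user_can() (or use check_admin_referer(), which also dies on failure instead of silently returning); and the bare `return;` gives the caller no way to tell a rejected request from a completed one, so returning false or a WP_Error would make the rejection observable to callers and tests.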
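The following is an added example, not code from ElasticPress or WordPress. It models the WordPress nonce scheme in Python (a keyed hash over a rotating time "tick", the action name and the user id, with the current and previous tick accepted, as wp_create_nonce()/wp_verify_nonce() do) so that the two guard predicates from the changeset can be run side by side against a request with no nonce, a bad nonce, a stale nonce and a valid one. The secret key, the action string reuse and the hash truncation are constructed for the model and are not the real NONCE_KEY/NONCE_SALT or the exact wp_hash() output.

```python
"""Model of a WordPress-style nonce and of the two CSRF guards from the changeset.

Constructed example: not ElasticPress or WordPress code. The secret below is a
placeholder, not a real NONCE_KEY/NONCE_SALT.
"""
import hashlib
import hmac
import math
import time

NONCE_SECRET = b"constructed-nonce-secret-not-a-real-key"  # placeholder key
NONCE_LIFE = 24 * 60 * 60  # WordPress default nonce lifetime: one day
ACTION = "ep-epio-set-autosuggest"  # action string used in the changeset


def nonce_tick(now=None):
    """WordPress rotates nonces twice per lifetime (cf. wp_nonce_tick)."""
    now = time.time() if now is None else now
    return math.ceil(now / (NONCE_LIFE / 2))


def create_nonce(action, user_id, tick=None):
    """Keyed hash of tick|action|user, truncated to 10 hex chars like wp_create_nonce."""
    tick = nonce_tick() if tick is None else tick
    msg = f"{tick}|{action}|{user_id}".encode()
    digest = hmac.new(NONCE_SECRET, msg, hashlib.md5).hexdigest()
    return digest[-12:-2]


def verify_nonce(nonce, action, user_id, tick=None):
    """Return 1 for a current-tick nonce, 2 for the previous tick, False otherwise."""
    if not nonce:
        return False
    tick = nonce_tick() if tick is None else tick
    if hmac.compare_digest(create_nonce(action, user_id, tick), nonce):
        return 1
    if hmac.compare_digest(create_nonce(action, user_id, tick - 1), nonce):
        return 2
    return False


def vulnerable_guard(request, user_id, tick=None):
    """Pre-3.5.4 predicate: reject only when a nonce is present AND invalid.

    Returns True when the handler would continue to perform the action.
    """
    nonce = request.get("ep_epio_nonce", "")
    if nonce and not verify_nonce(nonce, ACTION, user_id, tick):
        return False
    return True


def fixed_guard(request, user_id, tick=None):
    """3.5.4 predicate: reject when the nonce is missing OR invalid."""
    nonce = request.get("ep_epio_nonce", "")
    if not nonce or not verify_nonce(nonce, ACTION, user_id, tick):
        return False
    return True


def evaluate(user_id=1, tick=1000):
    """Run both guards over four constructed requests; returns {name: (old, new)}."""
    requests = {
        # A cross-site form controlled by the attacker cannot know the nonce,
        # so the forged request simply omits the parameter.
        "no_nonce": {},
        "bad_nonce": {"ep_epio_nonce": "not-a-nonce"},
        "stale_nonce": {"ep_epio_nonce": create_nonce(ACTION, user_id, tick - 3)},
        "valid_nonce": {"ep_epio_nonce": create_nonce(ACTION, user_id, tick)},
    }
    return {
        name: (vulnerable_guard(req, user_id, tick), fixed_guard(req, user_id, tick))
        for name, req in requests.items()
    }


if __name__ == "__main__":
    for name, (old, new) in evaluate().items():
        print(f"{name:12s} vulnerable_guard={old!s:5s} fixed_guard={new}")
```

The only row where the two guards disagree is the request with no nonce at all: the old predicate lets it through, which is exactly the forged cross-site request the advisory describes, while every request that carries a wrong or expired nonce was already rejected before the fix.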