Headline
CVE-2021-4400: Changeset 2473344 for better-search – WordPress Plugin Repository
The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the bsearch_process_settings_import() and bsearch_process_settings_export() functions. This makes it possible for unauthenticated attackers to import and export settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
better-search/trunk/better-search.php
r2300607
r2473344
16
16
* Plugin URI: https://webberzone.com/plugins/better-search/
17
17
* Description: Replace the default WordPress search with a contextual search. Search results are sorted by relevancy ensuring a better visitor search experience.
18
* Version: 2.5.2
18
* Version: 2.5.3
19
19
* Author: Ajay D’Souza
20
20
* Author URI: https://webberzone.com/
better-search/trunk/includes/admin/tools.php
r2291598
r2473344
123
123
</p>
124
124
125
<?php wp\_nonce\_field( 'bsearch\_export\_setting\_nonce', 'bsearch\_export\_setting\_nonce' ); ?>
125
<?php wp\_nonce\_field( 'bsearch\_export\_settings\_nonce', 'bsearch\_export\_settings\_nonce' ); ?>
126
126
</form>
127
127
…
…
221
221
}
222
222
223
if ( isset( $\_POST\['bsearch\_export\_settings\_nonce'\] ) && ! wp\_verify\_nonce( sanitize\_key( $\_POST\['bsearch\_export\_settings\_nonce'\] ), 'bsearch\_export\_settings\_nonce' ) ) {
223
if ( ! isset( $\_POST\['bsearch\_export\_settings\_nonce'\] ) || ! wp\_verify\_nonce( sanitize\_key( $\_POST\['bsearch\_export\_settings\_nonce'\] ), 'bsearch\_export\_settings\_nonce' ) ) {
224
224
return;
225
225
}
…
…
255
255
}
256
256
257
if ( isset( $\_POST\['bsearch\_import\_settings\_nonce'\] ) && ! wp\_verify\_nonce( sanitize\_key( $\_POST\['bsearch\_import\_settings\_nonce'\] ), 'bsearch\_import\_settings\_nonce' ) ) {
257
if ( ! isset( $\_POST\['bsearch\_import\_settings\_nonce'\] ) || ! wp\_verify\_nonce( sanitize\_key( $\_POST\['bsearch\_import\_settings\_nonce'\] ), 'bsearch\_import\_settings\_nonce' ) ) {
258
258
return;
259
259
}
better-search/trunk/includes/query.php
r2218527
r2473344
61
61
}
62
62
if ( ! empty( $limits ) ) {
63
$orderby = 'LIMIT ' . $limits;
63
$limits = 'LIMIT ' . $limits;
64
64
}
65
65
better-search/trunk/readme.txt
r2446418
r2473344
3
3
Contributors: webberzone, Ajay
4
4
Donate link: https://ajaydsouza.com/donate/
5
Stable tag: 2.5.2
5
Stable tag: 2.5.3
6
6
Requires at least: 4.9
7
Tested up to: 5.6
7
Tested up to: 5.4
8
8
License: GPLv2 or later
9
9
…
…
94
94
== Changelog ==
95
95
96
= 2.5.2 =
96
= 2.5.3 =
97
97
98
98
Release post: [https://webberzone.com/blog/better-search-v2-5-0/](https://webberzone.com/blog/better-search-v2-5-0/)
99
100
* Bug fixes:
101
\* Security fix
102
\* Variable fix for LIMIT clause
103
104
= 2.5.2 =
99
105
100
106
* Bug fixes:
…
…
103
109
= 2.5.1 =
104
110
105
Release post: [https://webberzone.com/blog/better-search-v2-5-0/](https://webberzone.com/blog/better-search-v2-5-0/)
106
107
111
* Bug fixes:
108
112
\* Custom CSS box would not save
109
113
110
114
= 2.5.0 =
111
112
Release post: [https://webberzone.com/blog/better-search-v2-5-0/](https://webberzone.com/blog/better-search-v2-5-0/)
113
115
114
116
* Features:
…
…
160
162
== Upgrade Notice ==
161
163
162
= 2.5.2 =
163
Bug fixes. For details on the update check the changelog and release post on https://webberzone.com
164
= 2.5.3 =
165
Security fix. For details on the update check the changelog and release post on https://webberzone.com