Headline
CVE-2023-2278: Changeset 2904689 for wpdirectorykit/trunk/vendor/Winter_MVC/core/mvc_loader.php – WordPress Plugin Repository
The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the ‘wdk_public_action’ function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Timestamp:
04/26/2023 04:45:29 PM (7 weeks ago)
listingthemes
Message:
1.2.0
- Disable cluster on map
- Fix in categories, field visibility configuration
- Map infowindow improvements
- WooCommerce compatibility improvements
- Count issue fix in listings manage dashboard
- Layout improvements
- Security improvements
- Fixed Open Redirection
- Fixed Cross-Site Request Forgery
- Fixed file url issues
- vendor libs update
File:
- wpdirectorykit/trunk/vendor/Winter_MVC/core/mvc_loader.php (4 diffs)
wpdirectorykit/trunk/vendor/Winter_MVC/core/mvc_loader.php
r2898501
r2904689
78
78
if(empty($this->plugin\_directory))
79
79
{
80
$file = WINTER\_MVC\_PATH.'/../../application/helpers/'.ucfirst($filename).'.php';
81
}
82
else
83
{
84
$file = $this->plugin\_directory.'application/helpers/'.ucfirst($filename).'.php';
80
$file = WINTER\_MVC\_PATH.'/../../application/helpers/'.sanitize\_file\_name(ucfirst($filename)).'.php';
81
}
82
else
83
{
84
$file = $this->plugin\_directory.'application/helpers/'.sanitize\_file\_name(ucfirst($filename)).'.php';
85
85
}
86
86
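Review bot: the two rewritten `$file = ...` lines (80 and 84) rely entirely on sanitize_file_name() to neutralise `$filename`; it strips slashes and collapses runs of dots, so traversal sequences are removed, but nothing checks that the path actually resolves under application/helpers/, and an input made only of stripped characters sanitises to an empty string, leaving `$file` as `.../helpers/.php`. Consider rejecting an empty sanitised name and adding a containment check (the realpath() of `$file` must start with the helpers directory) or an allowlist of helper names, so the protection does not depend on one sanitiser's behaviour.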
…
…
93
93
if(empty($this->plugin\_directory))
94
94
{
95
$file = WINTER\_MVC\_PATH.'/../../application/controllers/'.ucfirst($class).'.php';
96
}
97
else
98
{
99
$file = $this->plugin\_directory.'application/controllers/'.ucfirst($class).'.php';
95
$file = WINTER\_MVC\_PATH.'/../../application/controllers/'.sanitize\_file\_name(ucfirst($class)).'.php';
96
}
97
else
98
{
99
$file = $this->plugin\_directory.'application/controllers/'.sanitize\_file\_name(ucfirst($class)).'.php';
100
100
}
101
101
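Review bot: lines 95 to 103 duplicate the helpers hunk above line for line apart from the directory name, and the same shape appears again for models further down; a single private method that takes the subdirectory and the raw name, applies sanitize_file_name() once and returns the resolved path would keep the sanitisation from drifting between the three loaders. As in the helpers hunk, the controller path is built without verifying that the result stays under application/controllers/.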
…
…
141
141
{
142
142
143
if(is\_child\_theme() && file\_exists(get\_stylesheet\_directory().'/wpdirectorykit/application/views/'.$view\_file.'.php'))
144
{
145
$file = get\_stylesheet\_directory().'/wpdirectorykit/application/views/'.$view\_file.'.php';
146
}
147
elseif(file\_exists(get\_template\_directory().'/wpdirectorykit/application/views/'.$view\_file.'.php'))
148
{
149
$file = get\_template\_directory().'/wpdirectorykit/application/views/'.$view\_file.'.php';
143
if(!empty($this->plugin\_directory)) {
144
$plugin = basename($this->plugin\_directory);
145
} else {
146
$plugin = basename( plugin\_dir\_path( dirname( \_\_FILE\_\_ , 3 ) ) );
147
}
148
149
if(is\_child\_theme() && file\_exists(get\_stylesheet\_directory().'/'.$plugin.'/application/views/'.$view\_file.'.php'))
150
{
151
$file = get\_stylesheet\_directory().'/'.$plugin.'/application/views/'.$view\_file.'.php';
152
}
153
elseif(file\_exists(get\_template\_directory().'/'.$plugin.'/application/views/'.$view\_file.'.php'))
154
{
155
$file = get\_template\_directory().'/'.$plugin.'/application/views/'.$view\_file.'.php';
150
156
}
151
157
elseif(empty($this->plugin\_directory))
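Review bot: `$view_file` is still concatenated into the theme paths unchanged at lines 149 to 155, whereas the other hunks wrap their input in sanitize_file_name(); if `$view_file` can be influenced by request data it needs the same treatment or an allowlist of view names. Also, `dirname( __FILE__ , 3 )` at line 146 uses the levels argument, which requires PHP 7.0 or later, so the plugin's minimum PHP version should reflect that.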
…
…
188
194
189
195
public function model($class)
190
{
196
{
191
197
if(empty($this->plugin\_directory))
192
198
{
193
$file = WINTER\_MVC\_PATH.'/../../application/models/'.ucfirst($class).'.php';
194
}
195
else
196
{
197
$file = $this->plugin\_directory.'application/models/'.ucfirst($class).'.php';
199
$file = WINTER\_MVC\_PATH.'/../../application/models/'.sanitize\_file\_name(ucfirst($class)).'.php';
200
}
201
else
202
{
203
$file = $this->plugin\_directory.'application/models/'.sanitize\_file\_name(ucfirst($class)).'.php';
198
204
}
199
205
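Review bot: lines 199 and 203 apply sanitize_file_name() after ucfirst(), which is fine, but sanitize_file_name() runs the `sanitize_file_name` filter, so another plugin hooking that filter can change the output this fix depends on. A filter-independent check on `$class` (for example, only allowing letters, digits and underscores before building the path) would make the model loader's behaviour predictable regardless of what else is installed; the changelog entry "Security improvements" should also say which issue these four hunks address.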