CVE-2020-36751: Changeset 2368658 for coupon-creator/tags/2.5.2.1/plugin-engine/src/Pngx/Admin/Meta.php – WordPress Plugin Repository

The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_meta() function. This makes it possible for unauthenticated attackers to save meta fields via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

Category: CVE

Tags: #wordpress #php #auth

Timestamp:

08/25/2020 12:58:52 PM (3 years ago)

brianjessee

Message:

Add remaining files for Coupon Creator 3.1.1

File:

  • coupon-creator/tags/2.5.2.1/plugin-engine/src/Pngx/Admin/Meta.php (2 diffs)


  • coupon-creator/tags/2.5.2.1/plugin-engine/src/Pngx/Admin/Meta.php

    r1708048

    r2368658

310

310

311

311

        //Autosave or no past variable then kick out

312

 

        if ( empty( $\_POST ) || ( defined( 'DOING\_AUTOSAVE' ) && DOING\_AUTOSAVE ) ) {

 

312

        if (

 

313

            empty( $\_POST ) ||

 

314

            (

 

315

                defined( 'DOING\_AUTOSAVE' ) &&

 

316

                DOING\_AUTOSAVE

 

317

            )

 

318

        ) {

 

319

            return;

 

320

        }

 

321

 

322

        // If no nonce set, then return.

 

323

        if (

 

324

            ! isset( $\_POST\['\_inline\_edit'\] ) &&

 

325

            ! isset( $\_POST\['pngx\_nonce'\] )

 

326

        ) {

313

327

            return;

314

328

        }

315

329

316

330

        //Check if on the right post type

317

 

        if ( isset( $post->post\_type ) && ! in\_array( $post->post\_type, self::get\_post\_types() ) ) {

 

331

        if (

 

332

            isset( $post->post\_type ) &&

 

333

            ! in\_array( $post->post\_type, self::get\_post\_types() )

 

334

        ) {

318

335

            return;

319

336

        }
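Review bot: the new early return at lines 322-328 only handles the case where neither `_inline_edit` nor `pngx_nonce` is present in `$_POST`; it verifies nothing itself, so the safety of save_meta() still rests entirely on the verification blocks further down in the function. A one-line comment saying that this is a presence check, not the nonce check, would stop a future reader from mistaking it for the latter. Also, nothing in this hunk shows a capability check next to the nonce handling; if save_meta() does not already call something like `current_user_can( 'edit_post', $post->ID )` elsewhere, add one, because a valid nonce proves intent, not authorization.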

…

…

 

324

341

        }

325

342

326

 

        //Verify Nonce

327

 

        if ( isset( $\_POST\['pngx\_nonce'\] ) && ! wp\_verify\_nonce( $\_POST\['pngx\_nonce'\], 'pngx\_save\_fields' ) && ( isset( $\_POST\['\_inline\_edit'\] ) && ! wp\_verify\_nonce( $\_POST\['\_inline\_edit'\], 'inlineeditnonce' ) ) ) {

 

343

        // Verify Plugin Nonce.

 

344

        if (

 

345

            ! isset( $\_POST\['\_inline\_edit'\] ) &&

 

346

            isset( $\_POST\['pngx\_nonce'\] ) &&

 

347

            ! wp\_verify\_nonce( $\_POST\['pngx\_nonce'\], 'pngx\_save\_fields' )

 

348

        ) {

 

349

            return;

 

350

        }

 

351

 

352

        // Verify Inline Edit Nonce.

 

353

        if (

 

354

            isset( $\_POST\['\_inline\_edit'\] ) &&

 

355

            ! wp\_verify\_nonce( $\_POST\['\_inline\_edit'\], 'inlineeditnonce' )

 

356

        ) {

328

357

            return;

329

358

        }
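Review bot: the split into two blocks fixes the real defect in the removed line 327, where the plugin-nonce branch and the inline-edit branch were joined with `&&`: the function only returned when the plugin nonce was invalid and an invalid inline-edit nonce was also present, so a request carrying no valid nonce at all fell through to the save. The replacement verifies whichever nonce is present, but note that line 345's `! isset( $_POST['_inline_edit'] )` makes the plugin-nonce check conditional on `_inline_edit` being absent, so the two blocks are only correct as a pair; state that invariant in the comment at line 343 so a later edit does not loosen one block without the other. Consider also whether the `inlineeditnonce` action, which is WordPress core's Quick Edit nonce, is the intended authority for this plugin's meta fields, or whether the plugin nonce should be required on every path.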
