Headline
CVE-2020-36751: Changeset 2368658 for coupon-creator/tags/2.5.2.1/plugin-engine/src/Pngx/Admin/Meta.php – WordPress Plugin Repository
The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_meta() function. This makes it possible for unauthenticated attackers to save meta fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Timestamp:
08/25/2020 12:58:52 PM (3 years ago)
brianjessee
Message:
Add remaining files for Coupon Creator 3.1.1
File:
- coupon-creator/tags/2.5.2.1/plugin-engine/src/Pngx/Admin/Meta.php (2 diffs)
Legend:
Unmodified
Added
Removed
coupon-creator/tags/2.5.2.1/plugin-engine/src/Pngx/Admin/Meta.php
r1708048
r2368658
310
310
311
311
//Autosave or no past variable then kick out
312
if ( empty( $\_POST ) || ( defined( 'DOING\_AUTOSAVE' ) && DOING\_AUTOSAVE ) ) {
312
if (
313
empty( $\_POST ) ||
314
(
315
defined( 'DOING\_AUTOSAVE' ) &&
316
DOING\_AUTOSAVE
317
)
318
) {
319
return;
320
}
321
322
// If no nonce set, then return.
323
if (
324
! isset( $\_POST\['\_inline\_edit'\] ) &&
325
! isset( $\_POST\['pngx\_nonce'\] )
326
) {
313
327
return;
314
328
}
315
329
316
330
//Check if on the right post type
317
if ( isset( $post->post\_type ) && ! in\_array( $post->post\_type, self::get\_post\_types() ) ) {
331
if (
332
isset( $post->post\_type ) &&
333
! in\_array( $post->post\_type, self::get\_post\_types() )
334
) {
318
335
return;
319
336
}
…
…
324
341
}
325
342
326
//Verify Nonce
327
if ( isset( $\_POST\['pngx\_nonce'\] ) && ! wp\_verify\_nonce( $\_POST\['pngx\_nonce'\], 'pngx\_save\_fields' ) && ( isset( $\_POST\['\_inline\_edit'\] ) && ! wp\_verify\_nonce( $\_POST\['\_inline\_edit'\], 'inlineeditnonce' ) ) ) {
343
// Verify Plugin Nonce.
344
if (
345
! isset( $\_POST\['\_inline\_edit'\] ) &&
346
isset( $\_POST\['pngx\_nonce'\] ) &&
347
! wp\_verify\_nonce( $\_POST\['pngx\_nonce'\], 'pngx\_save\_fields' )
348
) {
349
return;
350
}
351
352
// Verify Inline Edit Nonce.
353
if (
354
isset( $\_POST\['\_inline\_edit'\] ) &&
355
! wp\_verify\_nonce( $\_POST\['\_inline\_edit'\], 'inlineeditnonce' )
356
) {
328
357
return;
329
358
}
Note: See TracChangeset for help on using the changeset viewer.