Headline

CVE-2018-6195: Changeset 1807349 for wp-splashing-images – WordPress Plugin Repository

admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the ‘session’ HTTP GET parameter to wp-admin/upload.php.

6 years ago

CVE

Open in Source

#wordpress #php #auth

Timestamp:

01/22/2018 07:29:38 PM (5 years ago)

janhenckens

Message:

Security update

Location:

wp-splashing-images/trunk

Files:

README.txt (2 diffs)
admin/partials/wp-splashing-admin-main.php (1 diff)
admin/partials/wp-splashing-admin-sidebar.php (1 diff)
wp-splashing-images.php (1 diff)

Legend:

Unmodified

Added

Removed

wp-splashing-images/trunk/README.txt

r1799926

r1807349

5

5

Requires at least: 4.0

6

6

Tested up to: 4.9.1

7

 

Stable tag: 2.1.0

 

7

Stable tag: 2.1.1

8

8

License: GPLv2 or later

9

9

License URI: http://www.gnu.org/licenses/gpl-2.0.html

…

…

 

33

33

\== Changelog ==

34

34

 

35

\= 2.1.1 =

 

36

\* Fixed 2 security issues

 

37

35

38

\= 2.1 =

36

39

\* Updated unsplash library and use the new download function

wp-splashing-images/trunk/admin/partials/wp-splashing-admin-main.php

r1799926

r1807349

20

20

    </h1>

21

21

        <?php if($\_GET\['session'\]) {

22

 

23

 

            $data = unserialize(base64\_decode($\_GET\['session'\]));

 

22

            $data = unserialize(base64\_decode($\_GET\['session'\]), \['allowed\_classes' => false\]);

24

23

            $this->unsplash->saveTokens($data\['token'\]);

25

24

            $user = $this->unsplash->getUser(); ?>

wp-splashing-images/trunk/admin/partials/wp-splashing-admin-sidebar.php

r1675965

r1807349

7

7

                <form id="splashing-search" method="get" action="<?php echo esc\_url(admin\_url('admin-post.php')); ?>">

8

8

                    <label class="screen-reader-text" for="post-search-input">Search Posts:</label>

9

 

                    <input type="search" id="post-search-input-splashing" name="search" value="<?php echo $\_GET\['search'\]; ?>" placeholder="<?php \_e('Search unsplash.com', 'wp-splashing-images'); ?>">

 

9

                    <input type="search" id="post-search-input-splashing" name="search" value="<?php echo sanitize\_title\_for\_query($\_GET\['search'\]); ?>" placeholder="<?php \_e('Search unsplash.com', 'wp-splashing-images'); ?>">

10

10

                    <input type="hidden" name="action" value="wp\_splashing\_search">

11

11

                    <input type="hidden" name="paged" value="1">

wp-splashing-images/trunk/wp-splashing-images.php

r1799926

r1807349

17

17

 \* Plugin URI:        http://studioespresso.co

18

18

 \* Description:       Unsplash.com), right in your dashboard. Add photos with one click and use them in your content right away.

19

 

 \* Version:           2.1.0

 

19

 \* Version:           2.1.1

20

20

 \* Author:            Studio Espresso

21

21

 \* Author URI:        http://studioespresso.co

Note: See TracChangeset for help on using the changeset viewer.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

11 months ago

11 months ago

11 months ago

11 months ago

11 months ago