Headline
CVE-2021-25053: Changeset 2641650 for wp-coder – WordPress Plugin Repository
The WP Coder WordPress plugin before 2.5.2, on the wow-company admin menu page, allows an attacker to include() an arbitrary file with a .php extension (or remote content via the data:// or http:// stream wrappers), leading to remote code execution reachable through CSRF.
wp-coder/trunk/README.txt
r2640134
r2641650
6
6
Tested up to: 5.8
7
7
Requires PHP: 5.3
8
Stable tag: 2.5.1
8
Stable tag: 2.5.2
9
9
License: GPLv2 or later
10
10
License URI: http://www.gnu.org/licenses/gpl-2.0.html
…
…
57
57
58
58
== Changelog ==
59
= 2.5.2 =
60
Fixed: minor bug on main page of the plugin
61
59
62
= 2.5.1 =
60
63
Fixed: minor bug.
wp-coder/trunk/admin/general/main.php
r2413249
r2641650
1
<?php if ( ! defined( ‘ABSPATH’ ) ) exit;
2
/\*\*
3
\* Main Page
4
\*
5
\* @package Lead\_Generation
6
\* @subpackage
7
\* @copyright Copyright (c) 2018, Dmytro Lobov
8
\* @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
9
\* @since 1.0
10
\*/
11
12
$logo = plugin\_dir\_url( \_\_FILE\_\_ ).'image/icon.png.';
1
<?php
2
/**
3
* Main Page
4
*
5
* @package Wow_Plugin
6
* @subpackage Wow-Company/Main
7
* @author Wow-Company [email protected]
8
* @copyright 2019 Wow-Company (Wow-Company)
9
* @license GNU Public License
10
* @version 0.1
11
*/
12
13
if ( ! defined( ‘ABSPATH’ ) ) {
14
exit;
15
}
16
$logo = plugin_dir_url( __FILE__ ) . 'image/icon.png’;
13
17
?>
14
18
<style>
…
…
48
52
font-family: dashicons;
49
53
font-size: 12px;
50
line-height: 12px;
54
line-height: 14px;
51
55
}
52
56
…
…
81
85
background: #303030;
82
86
}
87
83
88
.wow-thank-you {
84
89
color: #777777;
85
90
font-style: italic;
86
91
}
87
.about-wrap.full-width-layout {
88
max-width: 100%;
92
93
.about-wrap {
94
margin: 0 auto 3rem;
89
95
}
90
96
</style>
91
97
92
98
93
<div class="wrap about-wrap full-width-layout">
94
95
<h1><?php esc\_attr\_e( 'Welcome', 'wpcoder' ); ?> </h1>
96
97
<p class="about-text">
98
<?php esc\_attr\_e( 'Congratulations! You are about to use one of the plugins from Wow-Company.', 'wpcoder' ); ?> </p>
99
<p>
100
<a href="https://www.facebook.com/wowaffect/" class="wow-subscribe" target="\_blank">Stay in touch <span class="dashicons dashicons-facebook-alt"></span></a>
101
</p>
102
<span class="wow-badge">Wow-Company</span>
103
104
<?php
105
$current = ( isset( $\_GET\['tab'\] ) ) ? sanitize\_text\_field( wp\_unslash( $\_GET\['tab'\] ) ) : 'wow-plugins';
106
$tabs = array(
107
'wow-plugins' => \_\_( 'Plugins', 'wpcoder' ),
108
);
109
110
echo '<h2 class="nav-tab-wrapper wp-clearfix">';
111
foreach ( $tabs as $tab => $name ) {
112
$class = ( $tab === $current ) ? ' nav-tab-active' : '';
113
echo '<a class="nav-tab' .esc\_attr( $class ) . '" href="?page=wow-company&tab=' . esc\_attr( $tab ) . '">' . esc\_attr( $name ) . '</a>';
114
}
115
echo '</h2>';
116
117
echo '<div class="stem-content">';
118
include ( $current.'.php' );
119
echo '</div>';
120
?>
99
<div class="wrap full-width-layout">
100
<div class="about-wrap">
101
102
103
<h1><?php esc\_attr\_e( 'Welcome' ); ?> </h1>
104
105
<p class="about-text">
106
<?php esc\_attr\_e( 'Congratulations! You are about to use one of the plugins from Wow-Company.' ); ?>
107
</p>
108
<p>Several plugins below has free and pro versions you can install it and hopefully useful. Enjoy it.</p>
109
<span class="wow-badge">Wow-Company</span>
110
</div>
111
<div class="stem-content">
112
<?php include( 'wow-plugins.php' ); ?>
113
</div>
114
121
115
</div>
122
116
117
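Review bot: The replacement `include( 'wow-plugins.php' );` at new line 112 is resolved through PHP's include_path before the calling script's directory, so it is worth anchoring it to the plugin directory with `include __DIR__ . '/wow-plugins.php';`. Dropping the `$_GET['tab']`-driven `include ( $current.'.php' )` is the right fix, since `sanitize_text_field()` does not strip `../` or stream-wrapper prefixes such as `data://` and `http://`, and the `.php` suffix was the only other constraint on the path. The rewritten `esc_attr_e( 'Welcome' )` and the congratulations string at new lines 103 and 106 now omit the `'wpcoder'` text domain that the old lines passed, which silently breaks translation for those strings; restoring the second argument keeps them translatable. The headline describes the issue as CSRF-reachable, which suggests the menu page has no nonce or capability guard; that registration lives outside this file section and is worth confirming separately even though no user-controlled state remains here.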
wp-coder/trunk/admin/general/wow-plugins.php
r2413249
r2641650
5
5
* @package Wow_Plugin
6
6
* @subpackage Wow-Company/Plugins
7
* @author Dmytro Lobov [email protected]
7
* @author Wow-Company [email protected]
8
8
* @copyright 2019 Wow-Company
9
9
* @license GNU P
…
…
36
36
?>
37
37
<style>
38
.height\_screen {
39
height: 300px;
40
background: #fff;
41
}
38
.height_screen {
39
height: 270px;
40
background: #fff;
41
}
42
42
43
.height\_screen img {
44
max-width: 100%;
45
}
43
.height_screen img {
44
max-width: 100%;
45
}
46
46
47
.height\_screen span {
48
padding: 10px;
49
font-size: 16px;
50
font-weight: 500;
51
display: block;
52
}
47
.height_screen span {
48
padding: 10px;
49
font-size: 16px;
50
font-weight: 500;
51
display: block;
52
}
53
53
54
.height\_screen a {
55
color: #000;
56
text-decoration: none;
57
}
54
.height_screen a {
55
color: #000;
56
text-decoration: none;
57
}
58
58
59
.themes {
60
overflow: hidden;
61
}
59
.themes {
60
overflow: hidden;
61
}
62
62
63
.theme-actions {
64
background: rgba(244, 244, 244, 1) !important;
65
}
66
67
.theme-name {
68
text-align: left !important;
69
}
70
71
.install {
72
float: right;
73
}
63
.theme-actions {
64
background: rgba(244, 244, 244, 1) !important;
65
}
66
.theme-name {
67
text-align: left !important;
68
}
69
.install {
70
float: right;
71
}
72
</style>
74
73
75
74
76
</style><h3>Several plugins below has free and pro versions you can install it and hopefully useful. Enjoy it.</h3>
77
78
75
<div class="theme-browser">
79
<div class="themes">
76
<div class="themes">
80
77
<?php
81
78
$image = 'https://wow-estore.com/a-plugins/img/';
82
79
foreach ( $items as $key => $value ) { ?>
83
80
84
<div class="theme">
85
<div class="height\_screen">
86
<a target="\_blank" href="<?php echo esc\_url( $value\[3\] ); ?>" target="\_blank"><img
87
src="<?php echo esc\_url( $image . $value\[2\] ); ?>"/>
88
<span><?php echo esc\_attr( $value\[1\] ); ?></span>
89
</a>
90
</div>
91
<div class="theme-author"></div>
92
<div class="theme-id-container">
93
<h2 class="theme-name">
94
<span><?php echo esc\_attr( $value\[0\] ); ?></span>
81
<div class="theme">
82
<div class="height\_screen">
83
<a target="\_blank" href="<?php echo esc\_url( $value\[3\] ); ?>" target="\_blank"><img
84
src="<?php echo esc\_url( $image . $value\[2\] ); ?>"/>
85
<span><?php echo esc\_attr( $value\[1\] ); ?></span>
86
</a>
87
</div>
88
<div class="theme-author"></div>
89
<div class="theme-id-container">
90
<h2 class="theme-name">
91
<span><?php echo esc\_attr( $value\[0\] ); ?></span>
95
92
<?php if ( ! empty( $value\[5\] ) ) : ?>
96
<span class="install"><?php echo esc\_attr( $value\[5\] ); ?>+ <?php \_e( 'Active Installs' ); ?></span>
93
<span class="install"><?php echo esc\_attr( $value\[5\] ); ?>+ <?php \_e( 'Active Installs' ); ?></span>
97
94
<?php endif; ?>
98
</h2>
99
<div class="theme-actions">
95
</h2>
96
<div class="theme-actions">
100
97
<?php if ( ! empty( $value\[3\] ) ) : ?>
101
<a class="button activate" href="<?php echo esc\_url( $value\[3\] ); ?>">Try FREE</a>
98
<a class="button activate" href="<?php echo esc\_url( $value\[3\] ); ?>">Try FREE</a>
102
99
<?php endif; ?>
103
100
<?php if ( ! empty( $value\[4\] ) ) : ?>
104
<a class="button button-primary" href="<?php echo esc\_url( $value\[4\] ); ?>" target="\_blank">Get
105
PRO</a>
101
<a class="button button-primary" href="<?php echo esc\_url( $value\[4\] ); ?>" target="\_blank">Get PRO</a>
106
102
<?php endif; ?>
107
</div>
108
</div>
109
</div>
103
</div>
104
</div>
105
</div>
110
106
<?php } ?>
111
</div>
107
</div>
112
108
</div>
113
109
114
110
<p class="wow-thank-you">
115
<span class="thank-line">= = = = = = =</span><br/>
116
Thank you for choosing 'Wow Plugin'<br/>
117
Dmyto Lobov<br/>
118
<a href="https://wow-estore.com" target="\_blank">Wow-Estore.com</a>
111
<span class="thank-line">= = = = = = =</span><br/>
112
Thank you for choosing 'Wow Plugin’<br/>
113
Dmyto Lobov<br/>
114
<a href="https://wow-estore.com" target="_blank">Wow-Estore.com</a>
119
115
</p>
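Review bot: The re-emitted anchor at new lines 83–86 carries `target="_blank"` twice on the same tag and has no `rel` attribute, as do the `Get PRO` link at new line 101 and the footer link at new line 114; dropping the duplicate and adding `rel="noopener noreferrer"` closes the reverse-tabnabbing exposure on these external links, e.g. `<a href="<?php echo esc_url( $value[3] ); ?>" target="_blank" rel="noopener noreferrer">`. The `$items` array iterated at new line 79 is defined outside this section, so whether its URLs come from a trusted source cannot be confirmed from here; the `esc_url()` wrapping on each output is the correct escaping regardless.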
wp-coder/trunk/wp-coder.php
r2640134
r2641650
4
4
* Plugin URI: https://wordpress.org/plugins/wp-coder/
5
5
* Description: Add custom CSS, HTML, JavaScript on your website page
6
* Version: 2.5.1
6
* Version: 2.5.2
7
7
* Author: Wow-Company
8
8
* Author URI: https://wow-estore.com/
…
…
35
35
'plugin\_menu' => 'WP Coder',
36
36
'plugin\_home\_url' => 'https://wordpress.org/plugins/wp-coder/',
37
'plugin\_version' => '2.5.1',
37
'plugin\_version' => '2.5.2',
38
38
'plugin\_file' => basename( \_\_FILE\_\_ ),
39
39
'plugin\_slug' => dirname( plugin\_basename( \_\_FILE\_\_ ) ),