CVE-2021-4397: Changeset 2548539 for staff-directory-pro – WordPress Plugin Repository
The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation in the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
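For reference, the following PHP is an added example and is not code from the Staff Directory plugin or from this changeset. It shows the shape of the guard the advisory is about: a `save_post` handler that rejects a missing nonce as well as an invalid one, then checks capability, then sanitizes before writing meta. All `example_` names, the `staff-member` post type slug, the `_example_title` meta key and the nonce action/field names are assumptions made for this illustration.

```php
<?php
/**
 * Added example (not the plugin's code): a save_post handler for a custom
 * post type with the nonce check done the way the advisory requires.
 * Every example_* name, the post type slug and the meta key are assumed.
 */

// Print the hidden nonce field inside the meta box so that genuine
// edit-screen submissions carry it; a form on a third-party site cannot.
function example_render_custom_fields_box( $post ) {
    wp_nonce_field( 'example-custom-fields', 'example-custom-fields_wpnonce' );
    $value = get_post_meta( $post->ID, '_example_title', true );
    echo '<label>Job title <input type="text" name="example_title" value="'
        . esc_attr( $value ) . '"></label>';
}

function example_register_box() {
    add_meta_box( 'example-custom-fields', 'Custom Fields',
        'example_render_custom_fields_box', 'staff-member' ); // slug assumed
}
add_action( 'add_meta_boxes', 'example_register_box' );

// Weak shape, kept only for comparison with the hardened one below:
// when the nonce field is absent the condition is false, the body is
// skipped, and the caller proceeds as if the check had passed.
function example_guard_weak() {
    if ( isset( $_POST['example-custom-fields_wpnonce'] )
        && ! wp_verify_nonce( $_POST['example-custom-fields_wpnonce'], 'example-custom-fields' ) ) {
        return false;
    }
    return true; // reached both on a valid nonce and on no nonce at all
}

// Hardened shape: a missing nonce and an invalid nonce are rejected alike.
function example_guard_fixed() {
    if ( ! isset( $_POST['example-custom-fields_wpnonce'] )
        || ! wp_verify_nonce( $_POST['example-custom-fields_wpnonce'], 'example-custom-fields' ) ) {
        return false;
    }
    return true;
}

function example_save_custom_fields( $post_id, $post ) {
    // Autosaves and revisions never carry the meta-box form; skip them
    // before the nonce check so existing meta is left untouched.
    if ( wp_is_post_autosave( $post_id ) || wp_is_post_revision( $post_id ) ) {
        return;
    }
    // Quick edit and bulk edit submit their own forms without this nonce,
    // so they stop here too and do not clear the stored fields.
    if ( ! example_guard_fixed() ) {
        return;
    }
    // The nonce proves intent; capability is a separate question.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    if ( isset( $_POST['example_title'] ) ) {
        $title = sanitize_text_field( wp_unslash( $_POST['example_title'] ) );
        update_post_meta( $post_id, '_example_title', $title );
    }
}
// save_post_{$post_type} fires only for the assumed "staff-member" type.
add_action( 'save_post_staff-member', 'example_save_custom_fields', 10, 2 );
```

The two guard functions differ only in `isset(...) &&` versus `! isset(...) ||`; the first lets a request with no nonce through, which is exactly the condition a cross-site form controls, while the second treats the absent field as a failure.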
Timestamp:
06/15/2021 08:58:32 PM
Author:
ghuger
Message:
Security fixes; Compatibility with WordPress 5.7.2
Location:
staff-directory-pro/trunk
Files:
- gold-framework/gold-plugins-custom-post-type.php (1 diff)
- readme.txt (3 diffs)
- staff-directory.php (1 diff)
staff-directory-pro/trunk/gold-framework/gold-plugins-custom-post-type.php
r2469245
r2548539
309
309
\* Save the new Custom Fields values
310
310
\*/
311
function saveCustomFields( $post\_id, $post ) {
312
if ( isset($\_POST\[ 'my-custom-fields\_wpnonce' \]) && !wp\_verify\_nonce( $\_POST\[ 'my-custom-fields\_wpnonce' \], 'my-custom-fields' ) ){
311
function saveCustomFields( $post\_id, $post )
312
{
313
if ( ! isset($\_POST\[ 'my-custom-fields\_wpnonce' \]) ) {
313
314
return;
314
315
}
315
if ( !current\_user\_can( 'edit\_post', $post\_id ) ){
316
if ( isset($\_POST\[ 'my-custom-fields\_wpnonce' \]) && !wp\_verify\_nonce( $\_POST\[ 'my-custom-fields\_wpnonce' \], 'my-custom-fields' ) ) {
317
return;
318
}
319
if ( !current\_user\_can( 'edit\_post', $post\_id ) ) {
316
320
return;
317
321
}
318
322
// handle the case when the custom post is quick edited
319
323
// otherwise all custom meta fields are cleared out
320
if (isset($\_POST\['\_inline\_edit'\]) && wp\_verify\_nonce($\_POST\['\_inline\_edit'\], 'inlineeditnonce') || isset($\_REQUEST\['bulk\_edit'\])){
324
if ( isset($\_POST\['\_inline\_edit'\]) || isset($\_REQUEST\['bulk\_edit'\]) ) {
321
325
return;
322
326
}
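Review bot: the old guard on the `my-custom-fields_wpnonce` line only rejected a request whose nonce was present and invalid, so a request that omitted the field entirely fell through to the meta-field save; the new `if ( ! isset($_POST[ 'my-custom-fields_wpnonce' ]) ) { return; }` closes that gap and is the substance of this security fix. With that early return in place the `isset(...) &&` half of the following condition can never be false, so the two checks should collapse into one: `if ( ! isset( $_POST['my-custom-fields_wpnonce'] ) || ! wp_verify_nonce( $_POST['my-custom-fields_wpnonce'], 'my-custom-fields' ) ) { return; }`. Two side effects deserve a sentence in the commit message: the rewritten quick/bulk edit branch drops the `wp_verify_nonce( ..., 'inlineeditnonce' )` call, and because quick-edit and bulk-edit submissions do not carry the custom-fields nonce they now return at the first check anyway, leaving that branch effectively unreachable. Both paths only skip the save, so the comment about not clearing meta fields still holds, but the intent should be recorded rather than left implicit.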
staff-directory-pro/trunk/readme.txt
r2546578
r2548539
1
1
\=== Staff Directory Plugin: Company Directory ===
2
2
Plugin Name: Company Directory
3
Contributors: richardgabriel, ghuger
3
Contributors: ghuger
4
4
Tags: staff, directory, directory plugin, staff directory, staff skills, skills matrix, directory with contact form, staff skills matrix, staff skills directory
5
Requires at least: 3.9
5
Requires at least: 5.0
6
6
Tested up to: 5.7.2
7
Stable tag: 3.6
7
Stable tag: 4.0
8
8
License: GPLv3 or later
9
9
License URI: http://www.gnu.org/licenses/gpl-3.0.html
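Review bot: `Requires at least` jumps from 3.9 to 5.0 in the same commit as the security fix, while the commit message and changelog mention only WordPress 5.7.2 compatibility; sites still on a 4.x core will not be offered a release whose floor is above their version and so will not receive the nonce fix, so either state why the floor moved or keep it unchanged for the security release. The `Stable tag: 4.0` change is correct and matches the `Version: 4.0` header in staff-directory.php.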
…
…
86
86
\== Changelog ==
87
87
88
\= 4.0 =
89
\* Security fixes
90
\* Compatibility with WordPress 5.7.2.
91
88
92
\= 3.6 =
89
93
\* Fix depricated warning about media buttons
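Review bot: the `* Security fixes` changelog entry does not say what was fixed; name the change (nonce validation in saveCustomFields(), which previously let a request without a nonce through) so site owners and scanners can tell this release closes a request-forgery issue rather than being routine maintenance. While this block is open, the unchanged 3.6 line below still reads `depricated`; it should be `deprecated`.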
…
…
156
160
\== Upgrade Notice ==
157
161
158
\*\*3.6\*\* Fixes, UI improvements, and adds the option to use the Classic Editor or the Gutenburg editor for editing your Staff Members.
162
\*\*4.0\*\* Security fixes, compatibility with WordPress 5.7.2.
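Review bot: the 4.0 upgrade notice is the text an administrator sees in the plugin list, so `Security fixes` should state that the release fixes a cross-site request forgery in saving custom fields and that sites should update promptly; the neighbouring 3.6 line also still spells `Gutenburg` for `Gutenberg`.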
staff-directory-pro/trunk/staff-directory.php
r2469245
r2548539
5
5
Plugin URI: https://goldplugins.com/our-plugins/company-directory/
6
6
Description: Create a directory of your staff members and show it on your website!
7
Version: 3.6
7
Version: 4.0
8
8
Author: Gold Plugins
9
9
Author URI: https://goldplugins.com/
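Review bot: the `Version: 3.6` to `Version: 4.0` header bump is consistent with `Stable tag: 4.0` in readme.txt, which is what is needed for the update to be offered; no other line in this file changes, so the fix itself lives entirely in gold-plugins-custom-post-type.php as the file list indicates.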