CVE-2020-36724: Changeset 2234193 for wordable/trunk/wordable.php – WordPress Plugin Repository
The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user-supplied hashing algorithm passed to the hash_hmac() function and the use of a loose comparison on the hash, which allows an attacker to trick the function into thinking it has a valid hash. This makes it possible for unauthenticated attackers to gain administrator privileges.
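A hardened form of the signature check, addressing both causes named in the description (caller-chosen algorithm and loose comparison). This is an added example, not code from the Wordable plugin; the function name `example_match_user`, the constant `EXAMPLE_HMAC_ALGO` and the sample data are hypothetical, and `$users` is assumed to hold objects with `secret` and `user_id` as in the changeset's loop.

```php
<?php
// Added example: hypothetical helper, not the plugin's own code.
// The algorithm is fixed server-side (same value the patch hard-codes)
// and is never taken from the request.
const EXAMPLE_HMAC_ALGO = 'sha1';

function example_match_user( $hash, $raw_post, array $users ) {
    // Accept only a hex string of exactly the digest length.
    $expected_len = strlen( hash( EXAMPLE_HMAC_ALGO, '' ) );
    if ( ! is_string( $hash )
        || strlen( $hash ) !== $expected_len
        || ! ctype_xdigit( $hash ) ) {
        return null;
    }
    $hash = strtolower( $hash );

    foreach ( $users as $user ) {
        // Never verify against a missing or empty secret.
        if ( ! is_string( $user->secret ) || $user->secret === '' ) {
            continue;
        }
        $expected = hash_hmac( EXAMPLE_HMAC_ALGO, $raw_post, $user->secret );
        // hash_equals() compares two strings in constant time,
        // with no type juggling.
        if ( hash_equals( $expected, $hash ) ) {
            return $user->user_id;
        }
    }
    return null; // no user matched
}

// Constructed sample data for a stand-alone run.
$users = array(
    (object) array( 'user_id' => 7, 'secret' => 'constructed-demo-secret' ),
    (object) array( 'user_id' => 9, 'secret' => '' ),
);
$raw_post = '{"title":"Constructed post body"}';
$valid    = hash_hmac( EXAMPLE_HMAC_ALGO, $raw_post, $users[0]->secret );

var_dump( example_match_user( $valid, $raw_post, $users ) );
var_dump( example_match_user( str_repeat( 'a', 40 ), $raw_post, $users ) );
var_dump( example_match_user( array(), $raw_post, $users ) );
```

Callers should test the result with `=== null` rather than a truthiness check, so a legitimate `user_id` is never confused with "no match".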
Timestamp:
01/28/2020 02:38:28 AM (3 years ago)
wordable
Message:
Fixed an important security vulnerability
File:
- wordable/trunk/wordable.php (3 diffs)
wordable/trunk/wordable.php
r2096795
r2234193
4
4
\* Plugin URI: http://www.wordable.io
5
5
\* Description: This plugin allows you to instantly export Google Docs to WordPress posts or pages.
6
\* Version: 3.1.1
6
\* Version: 3.1.2
7
7
\* Author: Wordable
8
8
\* Author URI: https://www.wordable.io/contact/
…
…
11
11
\*/
12
12
13
define('VERSION', '3.1.1');
13
define('VERSION', '3.1.2');
14
14
15
15
add\_action( 'admin\_notices', 'wordable\_admin\_notices' );
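Review bot: The constant on line 13 is defined globally under the generic name VERSION, so it can collide with any other plugin or theme that defines the same name; define() on an existing constant fails and the first value wins, which would make this plugin report someone else's version. Suggest a prefixed name such as WORDABLE_VERSION, guarded with defined(). The version string is also maintained in two places (the header's Version line and this constant), so both have to be bumped together on every release, as this change does.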
…
…
247
247
$match = false;
248
248
foreach ( $users as $user ) {
249
if ( $hash == hash\_hmac( $algo, $raw\_post, $user->secret ) ) {
249
if ( $hash == hash\_hmac( 'sha1', $raw\_post, $user->secret ) ) {
250
250
$match = $user->user\_id;
251
251
break;
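Review bot: The comparison on line 249 still uses loose `==`, which the description names as one of the two causes of the bypass; hard-coding 'sha1' removes the caller-chosen algorithm but leaves the check type-juggling and not constant-time. Suggest `hash_equals( hash_hmac( 'sha1', $raw_post, $user->secret ), $hash )` after confirming that $hash is a string. Two things to verify outside the visible lines: that $algo is no longer read from the request at all, and that a user with an empty secret is skipped before this comparison.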