Headline
CVE-2020-36749: Changeset 2370405 for easy-testimonials – WordPress Plugin Repository
The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
Timestamp:
08/27/2020 01:57:10 PM (3 years ago)
Author:
richardgabriel
Message:
3.7
- Security Fix - nonces not checked in some cases.
Location:
easy-testimonials/trunk
Files:
- easy-testimonials.php (1 diff)
- include/lib/ik-custom-post-type.php (1 diff)
- readme.txt (3 diffs)
easy-testimonials/trunk/easy-testimonials.php
r2340028
r2370405
5
5
Description: Easy Testimonials - Provides custom post type, shortcode, sidebar widget, and other functionality for testimonials.
6
6
Author: Gold Plugins
7
Version: 3.6.1
7
Version: 3.7
8
8
Author URI: https://goldplugins.com
9
9
Text Domain: easy-testimonials
easy-testimonials/trunk/include/lib/ik-custom-post-type.php
r2264247
r2370405
271
271
//idea from here: http://wordpress.stackexchange.com/questions/37967/custom-field-being-erased-after-autosave
272
272
//don't udpate custom fields on quickedit screen so that they aren't erased.
273
if ((defined('DOING\_AJAX') && DOING\_AJAX) || isset($\_REQUEST\['bulk\_edit'\])){
273
if ((defined('DOING\_AJAX') && DOING\_AJAX) || isset($\_REQUEST\['bulk\_edit'\])) {
274
274
return;
275
275
}
276
276
277
//RWG: 1.30.14 - added isset($\_POST\[ 'my-custom-fields\_wpnonce' \]) to prevent undefined index notices on new item creation
278
if ( isset($\_POST\[ 'my-custom-fields\_wpnonce' \]) && !wp\_verify\_nonce( $\_POST\[ 'my-custom-fields\_wpnonce' \], 'my-custom-fields' ) )
277
// Quit now if no/invalid nonce presented (e.g., when WP first creates the record to display the New Post screen)
278
if ( empty($\_POST\[ 'my-custom-fields\_wpnonce' \])
279
|| ! wp\_verify\_nonce( $\_POST\[ 'my-custom-fields\_wpnonce' \], 'my-custom-fields' ) ) {
279
280
return;
280
if ( !current\_user\_can( 'edit\_post', $post\_id ) )
281
}
282
283
if ( !current\_user\_can( 'edit\_post', $post\_id ) ) {
281
284
return;
285
}
286
282
287
//if ( $post->post\_type != 'page' && $post->post\_type != 'post')//RWG
283
288
// return;
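Review bot: the rewritten condition at new lines 278-279 is the actual fix and is correct: the old `if ( isset($_POST[ 'my-custom-fields_wpnonce' ]) && !wp_verify_nonce( ... ) )` only rejected a nonce that was present and invalid, so a forged request that simply omitted the field skipped the nonce check entirely and fell through to `current_user_can( 'edit_post', $post_id )`, which an administrator's logged-in session satisfies, and the custom fields were saved. The new `if ( empty($_POST[ 'my-custom-fields_wpnonce' ]) || ! wp_verify_nonce( ... ) ) {` returns early on a missing nonce as well, and the braces added around both early returns remove the brace-less `if` that made the old control flow easy to misread. Two smaller points: the raw `$_POST` value is handed straight to `wp_verify_nonce()`, where WordPress coding standards expect superglobal reads to go through `wp_unslash()` and `sanitize_text_field()`, and the commented-out `post_type` check at new lines 287-288 is dead code carried forward from the old file that could be dropped in this pass.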
easy-testimonials/trunk/readme.txt
r2365858
r2370405
7
7
Requires PHP: 5.3
8
8
Tested up to: 5.5
9
Stable tag: 3.6.1
9
Stable tag: 3.7
10
10
License: GPLv3 or later
11
11
License URI: http://www.gnu.org/licenses/gpl-3.0.html
…
…
154
154
\== Changelog ==
155
155
156
\= 3.7 =
157
\* Security Fix - nonces not checked in some cases.
158
156
159
\= 3.6.1 =
157
160
\* Fix issue with Pro slideshow JS being overwritten by base slideshow JS
…
…
221
224
\== Upgrade Notice ==
222
225
223
\*\*3.6.1\*\* Bug Fixes and Updates
226
\*\*3.7\*\* Security fix, resolves issue where in some cases nonces were not checked.
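Review bot: the changelog entry at new line 157 and the upgrade notice at new line 226 say only that nonces were "not checked in some cases"; since this change is the fix for a CSRF that lets a forged request save custom fields through `saveCustomFields()`, both entries should name the affected function or feature and state plainly that every site on 3.6.1 or earlier should upgrade, so that operators reading the plugin's update screen can prioritise it.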