
CVE-2022-4932: Changeset 2684462 for boldgrid-backup – WordPress Plugin Repository

The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to and including 1.14.13. This is due to a missing authorization check in the heartbeat_received() function, which runs on the WordPress heartbeat. This makes it possible for authenticated attackers with subscriber-level permissions or above to retrieve backup paths, which can subsequently be used to download the backup.


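--- a/boldgrid-backup/tags/1.14.14/admin/class-boldgrid-backup-admin-in-progress.php
+++ b/boldgrid-backup/tags/1.14.14/admin/class-boldgrid-backup-admin-in-progress.php
@@ -63,4 +63,6 @@
 /\*\*
  \* Add a notice telling the user there's a backup in progress.
+ \*
+ \* Calls to this method should ensure user (based on role) should actually see this notice.
  \*
  \* @since 1.6.0
@@ -426,4 +428,9 @@
  \*/
 public function heartbeat\_received( $response, $data ) {
+    // Only admins should see the status of a backup in progress.
+    if ( ! Boldgrid\_Backup\_Admin\_Utility::is\_user\_admin() ) {
+        return $response;
+    }
+
     $key = 'boldgrid\_backup\_in\_progress';
 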
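Review bot: The new guard in heartbeat_received() stops the in-progress data from reaching non-admin users, but the advisory text on this page says the backup path it used to expose is enough on its own to download the archive, and nothing in this hunk changes that. If that holds, the archive is still protected only by the secrecy of its path, so the download location should also require a capability check or sit outside the web root. I would at least record the reason next to the guard: `// The in-progress data includes backup paths; treat it as sensitive.` The body of heartbeat_received() continues outside the hunk, so whether later lines add other fields to $response cannot be judged from here.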

boldgrid-backup/tags/1.14.14/admin/class-boldgrid-backup-admin-notice.php

r2570348

r2684462

95

95

    $notices = get\_option( $option, \[\] );

96

96

97

    $notices = $this->core->in\_progress->add\_notice( $notices );

97

    // Only admins should see "backup in progress" notices.

98

    if ( Boldgrid\_Backup\_Admin\_Utility::is\_user\_admin() ) {

99

        $notices = $this->core->in\_progress->add\_notice( $notices );

100

    }

98

101

99

102

    if ( empty( $notices ) ) {
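Review bot: The capability check added around the add_notice() call lives in the caller, and the docblock change in class-boldgrid-backup-admin-in-progress.php asks every other caller to do the same, so a future caller that forgets it would show the notice to every role again. Moving the test into add_notice() itself, with `if ( ! Boldgrid_Backup_Admin_Utility::is_user_admin() ) { return $notices; }` as its first statement, would make the restricted behaviour the default. The enclosing function starts and ends outside the hunk, so other paths that append to $notices are not visible here.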

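--- a/boldgrid-backup/tags/1.14.14/admin/class-boldgrid-backup-admin-utility.php
+++ b/boldgrid-backup/tags/1.14.14/admin/class-boldgrid-backup-admin-utility.php
@@ -518,4 +518,15 @@
 
 /\*\*
+ \* Determine whether or not the current user is an administrator.
+ \*
+ \* @since 1.14.14
+ \*
+ \* @return bool
+ \*/
+public static function is\_user\_admin() {
+    return current\_user\_can( 'update\_plugins' );
+}
+
+/\*\*
  \* Determine whether or not the given $page is the current.
  \*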
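Review bot: The helper name is_user_admin() duplicates the name of WordPress core's global is_user_admin(), which reports whether the request is for the user admin screen and is not a permission check, so a maintainer who drops the class prefix gets a silently different test. The body also checks the `update_plugins` capability rather than the administrator role; as far as I know core denies that capability to everyone when file modifications are disabled and to non-super-admins on multisite, so on those sites administrators would lose the notices and heartbeat data as well. I would rename it to something like `current_user_can_manage_backups()`, or at least state the behaviour in the docblock: `* Checks the 'update_plugins' capability, not the administrator role.` The docblock that follows the new method belongs to the next method and continues outside the hunk.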

boldgrid-backup/tags/1.14.14/boldgrid-backup.php

r2570348

r2684462

17

17

* Plugin URI: https://www.boldgrid.com/boldgrid-backup/

18

18

* Description: Automated backups, remote backup to Amazon S3 and Google Drive, stop website crashes before they happen and more. Total Upkeep is the backup solution you need.

19

* Version: 1.14.13

19

* Version: 1.14.14

20

20

* Author: BoldGrid

21

21

* Author URI: https://www.boldgrid.com/

boldgrid-backup/tags/1.14.14/readme.txt

r2663423

r2684462

5

5

Tested up to: 5.9

6

6

Requires PHP: 5.4

7

Stable tag: 1.14.13

7

Stable tag: 1.14.14

8

8

License: GPLv2 or later

9

9

License URI: http://www.gnu.org/licenses/gpl-2.0.html

133

133

== Changelog ==

134

134

135

= 1.14.14 =

136

137

Release date: February 24th, 2022

138

139

* Update: Only show “backup in progress” notices for admins.

140

* Security fix: Permissions check added to heartbeat_received for backup progress.

141

135

142

= 1.14.13 =

136

143

boldgrid-backup/tags/1.14.14/vendor/autoload.php

r2570348

r2684462

5

5

require_once __DIR__ . '/composer/autoload_real.php’;

6

6

7

return ComposerAutoloaderInitd35f0d695e98dc3502d9432168957439::getLoader();

7

return ComposerAutoloaderInitd9e576e01664c4c9b6de0e39a381436a::getLoader();

boldgrid-backup/tags/1.14.14/vendor/composer/autoload_real.php

r2570348

r2684462

3

3

// autoload_real.php @generated by Composer

4

4

5

class ComposerAutoloaderInitd35f0d695e98dc3502d9432168957439

5

class ComposerAutoloaderInitd9e576e01664c4c9b6de0e39a381436a

6

6

{

7

7

private static $loader;

23

23

    }

24

24

25

    spl\_autoload\_register(array('ComposerAutoloaderInitd35f0d695e98dc3502d9432168957439', 'loadClassLoader'), true, true);

25

    spl\_autoload\_register(array('ComposerAutoloaderInitd9e576e01664c4c9b6de0e39a381436a', 'loadClassLoader'), true, true);

26

26

    self::$loader = $loader = new \\Composer\\Autoload\\ClassLoader();

27

    spl\_autoload\_unregister(array('ComposerAutoloaderInitd35f0d695e98dc3502d9432168957439', 'loadClassLoader'));

27

    spl\_autoload\_unregister(array('ComposerAutoloaderInitd9e576e01664c4c9b6de0e39a381436a', 'loadClassLoader'));

28

28

29

29

    $useStaticLoader = PHP\_VERSION\_ID >= 50600 && !defined('HHVM\_VERSION') && (!function\_exists('zend\_loader\_file\_encoded') || !zend\_loader\_file\_encoded());

31

31

        require\_once \_\_DIR\_\_ . '/autoload\_static.php';

32

32

33

        call\_user\_func(\\Composer\\Autoload\\ComposerStaticInitd35f0d695e98dc3502d9432168957439::getInitializer($loader));

33

        call\_user\_func(\\Composer\\Autoload\\ComposerStaticInitd9e576e01664c4c9b6de0e39a381436a::getInitializer($loader));

34

34

    } else {

35

35

        $map = require \_\_DIR\_\_ . '/autoload\_namespaces.php';

52

52

53

53

    if ($useStaticLoader) {

54

        $includeFiles = Composer\\Autoload\\ComposerStaticInitd35f0d695e98dc3502d9432168957439::$files;

54

        $includeFiles = Composer\\Autoload\\ComposerStaticInitd9e576e01664c4c9b6de0e39a381436a::$files;

55

55

    } else {

56

56

        $includeFiles = require \_\_DIR\_\_ . '/autoload\_files.php';

57

57

    }

58

58

    foreach ($includeFiles as $fileIdentifier => $file) {

59

        composerRequired35f0d695e98dc3502d9432168957439($fileIdentifier, $file);

59

        composerRequired9e576e01664c4c9b6de0e39a381436a($fileIdentifier, $file);

60

60

    }

61

61

64

64

}

65

65

66

function composerRequired35f0d695e98dc3502d9432168957439($fileIdentifier, $file)

66

function composerRequired9e576e01664c4c9b6de0e39a381436a($fileIdentifier, $file)

67

67

{

68

68

if (empty($GLOBALS\['\_\_composer\_autoload\_files'\]\[$fileIdentifier\])) {

boldgrid-backup/tags/1.14.14/vendor/composer/autoload_static.php

r2570348

r2684462

5

5

namespace Composer\Autoload;

6

6

7

class ComposerStaticInitd35f0d695e98dc3502d9432168957439

7

class ComposerStaticInitd9e576e01664c4c9b6de0e39a381436a

8

8

{

9

9

public static $files = array (

92

92

{

93

93

    return \\Closure::bind(function () use ($loader) {

94

        $loader->prefixLengthsPsr4 = ComposerStaticInitd35f0d695e98dc3502d9432168957439::$prefixLengthsPsr4;

95

        $loader->prefixDirsPsr4 = ComposerStaticInitd35f0d695e98dc3502d9432168957439::$prefixDirsPsr4;

96

        $loader->classMap = ComposerStaticInitd35f0d695e98dc3502d9432168957439::$classMap;

94

        $loader->prefixLengthsPsr4 = ComposerStaticInitd9e576e01664c4c9b6de0e39a381436a::$prefixLengthsPsr4;

95

        $loader->prefixDirsPsr4 = ComposerStaticInitd9e576e01664c4c9b6de0e39a381436a::$prefixDirsPsr4;

96

        $loader->classMap = ComposerStaticInitd9e576e01664c4c9b6de0e39a381436a::$classMap;

97

97

98

98

    }, null, ClassLoader::class);
