Headline
CVE-2022-0199: Changeset 2659455 – WordPress Plugin Repository
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have a CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make a logged-in admin send arbitrary emails to all subscribed users via a CSRF attack.
Timestamp:
01/18/2022 04:16:28 PM (5 weeks ago)
wpdevart
Message:
new version
Location:
coming-soon-page/trunk
Files:
- coming_soon.php (1 diff)
- includes/admin_menu.php (5 diffs)
- readme.txt (2 diffs)
coming-soon-page/trunk/coming_soon.php
r2655973
r2659455
6
6
\* Author URI: https://wpdevart.com
7
7
\* Description: Coming soon and Maintenance mode plugin is awesome tool to show your users that you are working on your website to make it better. Our coming soon plugin is the best way to create better coming soon page.
8
\* Version: 3.6.7
8
\* Version: 3.6.8
9
9
\* Author: wpdevart
10
10
\* License: GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
coming-soon-page/trunk/includes/admin_menu.php
r2655973
r2659455
1862
1862
if ($mailing\_lists == NULL)
1863
1863
$mailing\_lists = array();
1864
if (isset($\_GET\['id'\]) && isset($\_GET\['task'\]) && $\_GET\['task'\] == 'remove\_user') {
1864
if (isset($\_GET\['id'\]) && isset($\_GET\['task'\]) && $\_GET\['task'\] == 'remove\_user' && wp\_verify\_nonce($\_POST\['wpda\_coming\_soon\_mail\_nonce'\], 'wpda\_coming\_soon\_mail\_nonce')) {
1865
1865
$get\_id = intval($\_GET\['id'\]);
1866
1866
unset($mailing\_lists\[$get\_id\]);
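Review bot: the new condition at 1864 takes `task` and `id` from `$_GET` but the nonce from `$_POST['wpda_coming_soon_mail_nonce']`; if the remove-user links on this page are plain GET links, no nonce is ever posted with them and the branch can never run, so either submit the removal through the form that now carries the nonce field or attach the token to the link with `wp_nonce_url()` and read it from `$_GET`. The `$_POST` index is also read without `isset()`, which raises an undefined-index notice whenever the parameter is absent (the check still fails closed, since `wp_verify_nonce()` returns false for an empty nonce). No capability check is visible in this hunk; confirm the surrounding code already requires something like `current_user_can('manage_options')` before the mailing list is modified.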
…
…
1868
1868
}
1869
1869
?>
1870
1871
1870
<div class="wpdevart\_plugins\_header div-for-clear">
1872
1871
<div class="wpdevart\_plugins\_get\_pro div-for-clear">
…
…
1892
1891
<br /><br />
1893
1892
<span class="error\_massage mailing\_list"></span>
1893
<?php wp\_nonce\_field('wpda\_coming\_soon\_mail\_nonce', 'wpda\_coming\_soon\_mail\_nonce'); ?>
1894
1894
</form>
1895
1895
<h2>The list of the subscribed users</h2> <?php $this->generete\_subscriber\_table\_lists($mailing\_lists); ?><h2>The list of the Subscribed users emails</h2><p><span style="color:#7052fb;font-weight:bold;">You can copy the emails list from the below and send emails using Gmail or other email services.</span></p><textarea readonly style="min-height:200px;width:95%">
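Review bot: the nonce field added at 1893 uses the same string for the action and the field name, and that single action is now also checked by the remove_user branch; give each operation its own action name (one for sending mail, one for removing a subscriber) so a token minted for one cannot be replayed for the other. Note that because the field name doubles as the input's id, the AJAX code that reads `#wpda_coming_soon_mail_nonce` depends on this exact name.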
…
…
1911
1911
massage\_from\_name: jQuery('#massage\_from\_name').val(),
1912
1912
massage\_description: jQuery('#massage\_description').val(),
1913
massage\_title: jQuery('#massage\_title').val()
1913
massage\_title: jQuery('#massage\_title').val(),
1914
wpda\_coming\_soon\_mail\_nonce:jQuery('#wpda\_coming\_soon\_mail\_nonce').val()
1914
1915
},
1915
1916
}).done(function(date) {
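Review bot: style at 1914, a space is missing after the colon in `wpda_coming_soon_mail_nonce:jQuery(...)`. Reading the token from `#wpda_coming_soon_mail_nonce` works only because `wp_nonce_field()` defaults the hidden input's id to its name; if the field is ever renamed the request will silently post an empty nonce and the handler will reject every send, which deserves a comment here.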
…
…
1969
1970
die();
1970
1971
}
1972
if(wp\_verify\_nonce($\_POST\['wpda\_coming\_soon\_mail\_nonce'\], 'wpda\_coming\_soon\_mail\_nonce') === false){
1973
echo esc\_html($this->text\_parametrs\['authorize\_problem'\]);
1974
die();
1975
}
1976
1971
1977
$mailing\_lists = json\_decode(stripslashes(get\_option('users\_mailer', '')), true);
1972
1978
if ($mailing\_lists == NULL)
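Review bot: the check at 1972 dereferences `$_POST['wpda_coming_soon_mail_nonce']` without `isset()`, so a request lacking the parameter emits a PHP notice before being rejected; `check_ajax_referer('wpda_coming_soon_mail_nonce', 'wpda_coming_soon_mail_nonce')` performs the lookup, the verification and the `die(-1)` in one call and is the usual idiom for AJAX handlers. The nonce check is also placed after an earlier block that already ends in `die()`; the nonce should be the first thing the handler verifies, and a capability check (not visible in this hunk) must accompany it, since a nonce only proves the request originated from the plugin's own page, not that the user is allowed to mail every subscriber.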
coming-soon-page/trunk/readme.txt
r2655973
r2659455
5
5
Requires at least: 3.4.0
6
6
Tested up to: 5.8.3
7
Stable tag: 3.6.7
7
Stable tag: 3.6.8
8
8
License: GPLv3
9
9
License URI: http://www.gnu.org/licenses/gpl-3.0.html
…
…
781
781
\* Bug fixed.
782
782
783
\= 3.6.8 ==
784
785
\* Bug fixed!
786
783
787
\==Step by step guide==
784
788
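Review bot: the new changelog heading at 783 is unbalanced (`= 3.6.8 ==`), and the entry `* Bug fixed!` does not tell users that 3.6.8 adds nonce checks to the send-mail and remove-user actions; a readme line naming the CSRF fix lets site owners judge the urgency of updating.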