Headline
CVE-2022-1329: Changeset 2708766 for elementor/trunk/core/app/modules/onboarding/module.php – WordPress Plugin Repository
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
Timestamp:
04/12/2022 07:29:58 PM (7 months ago)
KingYes
Message:
Upload v3.6.3
File:
- elementor/trunk/core/app/modules/onboarding/module.php (3 diffs)
Legend:
Unmodified
Added
Removed
elementor/trunk/core/app/modules/onboarding/module.php
r2688036
r2708766
3
3
4
4
use Automatic\_Upgrader\_Skin;
5
use Elementor\\Core\\App\\Modules\\KitLibrary\\Connect\\Kit\_Library;
6
5
use Elementor\\Core\\Base\\Module as BaseModule;
7
6
use Elementor\\Core\\Common\\Modules\\Ajax\\Module as Ajax;
8
7
use Elementor\\Core\\Common\\Modules\\Connect\\Apps\\Library;
9
use Elementor\\Core\\Common\\Modules\\Connect\\Module as ConnectModule;
10
8
use Elementor\\Core\\Files\\Uploads\_Manager;
11
9
use Elementor\\Plugin;
…
…
94
92
'source' => 'generic',
95
93
\] ),
94
'signUp' => $library->get\_admin\_url( 'authorize', \[
95
'utm\_source' => 'onboarding-wizard',
96
'utm\_campaign' => 'connect-account',
97
'utm\_medium' => 'wp-dash',
98
'utm\_term' => self::VERSION,
99
'source' => 'generic',
100
'screen\_hint' => 'signup',
101
\] ),
96
102
'uploadPro' => Plugin::$instance->app->get\_base\_url() . '#/onboarding/uploadAndInstallPro?mode=popup',
97
103
\],
…
…
436
442
isset( $\_POST\['action'\] ) &&
437
443
isset( $\_POST\['\_nonce'\] ) &&
438
wp\_verify\_nonce( $\_POST\['\_nonce'\], Ajax::NONCE\_KEY )
444
wp\_verify\_nonce( $\_POST\['\_nonce'\], Ajax::NONCE\_KEY ) &&
445
current\_user\_can( 'manage\_options' )
439
446
) {
440
447
$this->maybe\_handle\_ajax();
Note: See TracChangeset for help on using the changeset viewer.