CVE-2021-25032: Changeset 2640161 – WordPress Plugin Repository

The PublishPress Capabilities WordPress plugin before 2.3.1 and the PublishPress Capabilities Pro WordPress plugin before 2.3.1 do not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and do not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role, giving any newly registered user the administrator role.
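The three controls named in that description (a CSRF token, an authorisation check and a restriction to the plugin's own options) are shown together in the following handler. This is an added example, not code from the plugin or from the changeset below; the `pp_caps_save_settings` action, the `pp_caps_settings` nonce action and the option names in `$allowed` are hypothetical, while `manage_capabilities` is the capability the plugin's own fix uses. It hooks `admin_post_*` rather than `init`, so the code only runs for a POST that explicitly targets this action, and because `default_role` is a core option it can never appear in the allowlist, which is what closes the privilege-escalation path the advisory describes.

```php
<?php
// Added example (not the plugin's own code). Hypothetical names:
// the 'pp_caps_save_settings' action, the 'pp_caps_settings' nonce action,
// and the option names listed in $allowed.

// Route the settings form to admin-post.php instead of the global 'init'
// hook: the handler then runs only for an authenticated POST that names
// this action, not on every page load for every visitor.
add_action('admin_post_pp_caps_save_settings', 'pp_caps_example_save_settings');

function pp_caps_example_save_settings() {
    // Authorisation: only users holding the plugin's capability may proceed.
    if (!current_user_can('manage_capabilities')) {
        wp_die(
            esc_html__('You are not allowed to change these settings.'),
            '',
            ['response' => 403]
        );
    }

    // CSRF: check_admin_referer() reads $_REQUEST['_wpnonce'] itself and
    // dies when the field is missing or does not match the action, so the
    // handler never touches an unset index.
    check_admin_referer('pp_caps_settings');

    // Allowlist of option names the plugin owns, each paired with the
    // sanitiser appropriate to its value. Submitted keys not in this map
    // are ignored, so a client cannot choose which options get written.
    $allowed = [
        'cme_example_default_role' => 'sanitize_key',
        'cme_example_notice_text'  => 'sanitize_text_field',
    ];

    foreach ($allowed as $option_name => $sanitize) {
        if (!isset($_POST[$option_name])) {
            continue;
        }
        $value = wp_unslash($_POST[$option_name]);
        update_option($option_name, call_user_func($sanitize, $value));
    }

    wp_safe_redirect(add_query_arg('updated', '1', wp_get_referer() ?: admin_url()));
    exit;
}

// The matching form: the hidden 'action' field selects the handler above and
// wp_nonce_field() emits the '_wpnonce' token that check_admin_referer() expects.
function pp_caps_example_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="pp_caps_save_settings">
        <?php wp_nonce_field('pp_caps_settings'); ?>
        <input type="text" name="cme_example_notice_text" value="">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

Compared with the vulnerable pattern, the handler no longer accepts a client-supplied list of option names: the server decides both which options are writable and how each value is cleaned before `update_option()` is called.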

CVE
#csrf

Timestamp:

12/06/2021 04:40:59 PM (5 weeks ago)

kevinB

Message:

  • Fixed : Security issue
  • Fixed : PHP Notice on Capabilities screen

Release 2.3.1

Location:

capability-manager-enhanced/trunk

Files:

  • capsman-enhanced.php (4 diffs)
  • includes/admin.php (1 diff)
  • includes/settings-handler.php (1 diff)
  • readme.txt (8 diffs)

Legend:

Unmodified

Added

Removed

  • capability-manager-enhanced/trunk/capsman-enhanced.php

    r2621618

    r2640161

4

4

 \* Plugin URI: https://publishpress.com/capability-manager/

5

5

 \* Description: Manage WordPress role definitions, per-site or network-wide. Organizes post capabilities by post type and operation.

6

 

 \* Version: 2.3

 

6

 \* Version: 2.3.1

7

7

 \* Author: PublishPress

8

8

 \* Author URI: https://publishpress.com/

…

…

 

26

26

 \* @license     GNU General Public License version 3

27

27

 \* @link        https://publishpress.com/

28

 

 \* @version     2.3

 

28

 \* @version     2.3.1

29

29

 \*/

30

30

31

31

if (!defined('CAPSMAN\_VERSION')) {

32

 

    define('CAPSMAN\_VERSION',           '2.3');

33

 

    define('CAPSMAN\_ENH\_VERSION',       '2.3');

34

 

    define('PUBLISHPRESS\_CAPS\_VERSION', '2.3');

 

32

    define('CAPSMAN\_VERSION',           '2.3.1');

 

33

    define('CAPSMAN\_ENH\_VERSION',       '2.3.1');

 

34

    define('PUBLISHPRESS\_CAPS\_VERSION', '2.3.1');

35

35

}

36

36

…

…

 

146

146

if (

147

147

((defined('WP\_DEBUG') && defined('CAPSMAN\_INSTALL\_PERMISSIONS')) || (!cme\_is\_plugin\_active('press-permit-core.php') && !cme\_is\_plugin\_active('presspermit-pro.php')))

148

 

&& !isset($\_GET\['pp-after-click'\])

 

148

&& !isset( $\_GET\['pp-after-click'\])

149

149

&& !defined('CAPSMAN\_DISABLE\_PERMISSIONS\_PROMO')

150

150

) {

…

…

 

157

157

        ) {

158

158

            require\_once ( dirname(\_\_FILE\_\_) . '/includes-core/pp-capabilities-permissions.php' );

159

 

        }

 

159

    }

160

160

    });

161

161

}
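Review bot: the only functional edits in this file are cosmetic (the `isset( $_GET['pp-after-click'])` spacing at line 148 and the re-indented closing brace at line 159); everything else is the 2.3 to 2.3.1 version bump, which has to be repeated in five places (the `Version:` header, the `@version` tag, and the three `define()` calls for `CAPSMAN_VERSION`, `CAPSMAN_ENH_VERSION` and `PUBLISHPRESS_CAPS_VERSION`). Deriving the two aliases from the first constant, e.g. `define('CAPSMAN_ENH_VERSION', CAPSMAN_VERSION);`, would leave a single place to update and avoid the constants drifting apart in a future security release.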
  • capability-manager-enhanced/trunk/includes/admin.php

    r2621618

    r2640161

694

694

                    }

695

695

 

696

                    if (empty($caps\_manager\_postcaps\_section)) {

 

697

                        $caps\_manager\_postcaps\_section = '';

 

698

                    }

 

699

696

700

                    do\_action('publishpress-caps\_manager\_postcaps\_section', compact('current', 'rcaps', 'pp\_metagroup\_caps', 'is\_administrator', 'default\_caps', 'custom\_types', 'defined', 'unfiltered', 'pp\_metagroup\_caps','caps\_manager\_postcaps\_section', 'active\_tab\_id'));

697

701
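Review bot: the `empty()` guard added at lines 696-698 initialises `$caps_manager_postcaps_section` before it reaches `compact()` at line 700, which is what removes the notice behind the changelog entry "PHP Notice on Capabilities screen"; a plain `$caps_manager_postcaps_section = '';` default at the point where the variable is first expected would be simpler than testing for it just before use. Separately, `'pp_metagroup_caps'` is listed twice in the `compact()` call on line 700; the duplicate is harmless but should be dropped.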
  • capability-manager-enhanced/trunk/includes/settings-handler.php

    r2589382

    r2640161

8

8

9

9

add\_action('init', function() {

10

 

11

 

    if (!empty($\_POST\['all\_options'\])) {

12

 

        foreach(explode(',', $\_POST\['all\_options'\]) as $option\_name) {

13

 

            $value = isset($\_POST\[$option\_name\]) ? $\_POST\[$option\_name\] : '';

14

 

15

 

            if (!is\_array($value)) {

16

 

                $value = trim($value);

17

 

            }

18

 

19

 

            update\_option($option\_name, stripslashes\_deep($value));

20

 

        }

 

10

    if (wp\_verify\_nonce($\_REQUEST\['\_wpnonce'\], 'pp-capabilities-settings') && current\_user\_can('manage\_capabilities')) {

 

11

        if (!empty($\_POST\['all\_options'\])) {

 

12

            foreach(explode(',', $\_POST\['all\_options'\]) as $option\_name) {

 

13

                foreach (\['cme\_', 'capsman', 'pp\_capabilities'\] as $prefix) {

 

14

                    if (0 === strpos($option\_name, $prefix)) {

 

15

                        $value = isset($\_POST\[$option\_name\]) ? $\_POST\[$option\_name\] : '';

 

16

   

 

17

                        if (!is\_array($value)) {

 

18

                            $value = trim($value);

 

19

                        }

 

20

                       

 

21

                        update\_option($option\_name, stripslashes\_deep($value));

 

22

                    }

 

23

                }

 

24

            }

 

25

        }

 

26

   

 

27

        do\_action('pp-capabilities-update-settings');

21

28

    }

22

 

23

 

    do\_action('pp-capabilities-update-settings');

24

29

});
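Review bot: the new guard at line 10 reads `$_REQUEST['_wpnonce']` without an `isset()` check, and since this closure still runs on `init` for every request, every page load that lacks the field will emit an undefined-index notice (a warning under PHP 8) before `wp_verify_nonce()` returns false; wrap the access in `isset()`, or first test that the settings form was actually posted (for example `!empty($_POST['all_options'])`) and only then verify the nonce. The combination of nonce, `current_user_can('manage_capabilities')` and the prefix allowlist at line 13 is the right fix for the missing authorisation, CSRF and ownership checks, and moving `do_action('pp-capabilities-update-settings')` inside the guard at line 27 correctly stops downstream hooks firing on rejected requests. Two tightening points: the `capsman` prefix has no trailing underscore, so it matches any option whose name merely begins with that string, and an explicit list of option names would be stricter than prefix matching; and values are still written with only `stripslashes_deep()` at line 21, so each allowed option should get a sanitiser appropriate to its type before `update_option()`.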
  • capability-manager-enhanced/trunk/readme.txt

    r2621618

    r2640161

8

8

Tested up to: 5.8

9

9

Requires PHP: 5.6.20

10

 

Stable tag: 2.3

 

10

Stable tag: 2.3.1

11

11

License: GPLv3

12

12

License URI: https://www.gnu.org/licenses/gpl-3.0.html

…

…

 

48

48

49

49

Many WordPress users have sites with custom post types. This can be done using custom code, a theme, or with a plugin. No matter how your post type is created, PublishPress Capabilities lets you enforce and assign distinct capabilities for your post type.

 

50

50

51

\[Click here to see how to control post type permissions\](https://publishpress.com/knowledge-base/custom-post-types-capability/).

51

52

…

…

 

66

67

67

68

Every time you change your permissions, the PublishPress Capabilities plugin will now automatically create a backup. If you make a mistake, go to the "Backup" menu link and you'll be able to roll back to a previous version.

 

69

68

70

\[Click here to see how to backup permissions\](https://publishpress.com/knowledge-base/backup-restore-permissions/).

69

71

…

…

 

71

73

72

74

With PublishPress Capabilities you can create or copy any existing WordPress user role. These roles can be customized in exactly the same way as the default WordPress roles. These new roles can be added to single sites or to an entire multisite network.

 

75

73

76

\[Click here to see how to create or copy user roles\](https://publishpress.com/knowledge-base/create-or-copy-user-roles/).

74

77

…

…

 

88

91

89

92

PublishPress Capabilities enables you to decide who can upload, edit and delete files from your site's Media Library. By default, only Administrators are able to delete files in your Media Library. Subscribers and Contributors are not even allowed to upload files. You can customize these permissions for the Media Library and also the Featured Image box.

 

93

90

94

\[Click here to learn about Media Library permissions\](https://publishpress.com/knowledge-base/control-media-library-access/).

91

95

…

…

 

93

97

94

98

We mentioned earlier that PublishPress Capabilities has special support for WooCommerce taxonomies. This is true for the rest of WooCommerce also. With PublishPress Capabilities you can control permissions for WooCommerce products, orders and coupons.

 

99

95

100

\[Click here to learn about WooCommerce permissions\](https://publishpress.com/knowledge-base/woocommerce-permissons/).

96

101

…

…

 

98

103

99

104

PublishPress Capabilities allows you to control permissions on a single site or across your whole network. Every time you update permissions in PublishPress Capabilities, you can choose to sync those changes across your multisite network.

 

105

100

106

\[Click here to learn about multisite permissions\](https://publishpress.com/knowledge-base/multisite-network/).

101

107

…

…

 

150

156

Fixed : Non-administrators with user editing capabilities could add new Administrators

151

157

 

158

\= 2.3.1 =

 

159

Fixed : Security issue. Please update.

 

160

152

161

\== Changelog ==

 

162

 

163

\= 2.3.1 - 6 Dec 2021 =

 

164

  \* Fixed : Security issue

 

165

  \* Fixed : PHP Notice on Capabilities screen

153

166

154

167

\= 2.3 - 28 Oct 2021 =
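Review bot: the upgrade notice at line 159 ("Fixed : Security issue. Please update.") and the changelog entry at line 164 do not say what was fixed; a one-line description (missing nonce and capability checks on the settings update handler, now restricted to the plugin's own options) together with the CVE-2021-25032 identifier would let site owners judge the urgency of updating without reading the diff.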

