CVE-2020-36740: Changeset 2368215 for radio-buttons-for-taxonomies – WordPress Plugin Repository
The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the save_single_term() function. This makes it possible for unauthenticated attackers to save terms via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
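The following is an added example, not code from the plugin or from this changeset. It reproduces the two nonce gates from the save routine (the one shipped up to 2.0.5 and the one introduced in 2.0.6) and runs both against three constructed requests, so the effect of the operator change is visible outside WordPress. `demo_create_nonce()` and `demo_verify_nonce()` are hypothetical HMAC-based stand-ins for `wp_create_nonce()` / `wp_verify_nonce()`; `TAXONOMY`, `SECRET`, `vulnerable_gate()`, `fixed_gate()` and the request arrays are all assumptions made for this example.

```php
<?php
// Added example (not the plugin's code). The only thing that differs between
// the two gates is the boolean that decides whether the save is refused.

const TAXONOMY = 'category';                 // constructed sample taxonomy
const SECRET   = 'constructed-demo-secret';  // stands in for the WordPress salts

// Hypothetical stand-in for wp_create_nonce(): truncated HMAC over the action.
function demo_create_nonce( string $action ): string {
    return substr( hash_hmac( 'sha256', $action, SECRET ), 0, 10 );
}

// Hypothetical stand-in for wp_verify_nonce(): constant-time comparison.
function demo_verify_nonce( string $nonce, string $action ): bool {
    return hash_equals( demo_create_nonce( $action ), $nonce );
}

// Gate as shipped up to 2.0.5: the save is refused only when a nonce field is
// present AND fails verification. A request with no nonce field at all skips
// the check and the save proceeds, which is the CSRF condition.
function vulnerable_gate( array $post ): bool {
    $field  = '_radio_nonce-' . TAXONOMY;
    $action = 'radio_nonce-' . TAXONOMY;
    if ( isset( $post[ $field ] ) && ! demo_verify_nonce( $post[ $field ], $action ) ) {
        return false; // save refused
    }
    return true;      // save proceeds
}

// Gate as fixed in 2.0.6: the save is refused when the nonce field is missing
// OR fails verification, so only a request that carries a valid nonce passes.
function fixed_gate( array $post ): bool {
    $field  = '_radio_nonce-' . TAXONOMY;
    $action = 'radio_nonce-' . TAXONOMY;
    if ( ! isset( $post[ $field ] ) || ! demo_verify_nonce( $post[ $field ], $action ) ) {
        return false;
    }
    return true;
}

// Three constructed POST bodies; 'term_id' is just a placeholder payload.
$requests = [
    'valid nonce'    => [ 'term_id' => 3, '_radio_nonce-category' => demo_create_nonce( 'radio_nonce-category' ) ],
    'wrong nonce'    => [ 'term_id' => 3, '_radio_nonce-category' => 'deadbeef00' ],
    'no nonce field' => [ 'term_id' => 3 ],  // what a cross-site form without the token looks like
];

foreach ( $requests as $label => $req ) {
    printf( "%-15s  pre-2.0.6 gate: %-8s  2.0.6 gate: %s\n",
        $label,
        vulnerable_gate( $req ) ? 'SAVES' : 'rejects',
        fixed_gate( $req ) ? 'SAVES' : 'rejects'
    );
}
```

Run with `php example.php`. The first two rows agree (a valid nonce saves, a wrong one is rejected under both gates); the third row is the bug: a body with no nonce field is saved by the pre-2.0.6 gate and rejected by the 2.0.6 gate. The general lesson is that a nonce check must treat absence the same as failure, which the `! isset() || ! verify()` shape does and the `isset() && ! verify()` shape does not.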
Timestamp:
08/25/2020 01:11:06 AM (3 years ago)
helgatheviking
Message:
Update to version 2.0.6 from GitHub
Location:
radio-buttons-for-taxonomies
Files:
2 added
2 deleted
6 edited
1 copied
tags/2.0.6 (copied from radio-buttons-for-taxonomies/trunk)
tags/2.0.6/LICENSE
tags/2.0.6/inc/class.WordPress_Radio_Taxonomy.php (1 diff)
tags/2.0.6/radio-buttons-for-taxonomies.php (1 diff)
tags/2.0.6/readme.txt (1 diff)
tags/2.0.6/webpack.config.js
trunk/LICENSE
trunk/inc/class.WordPress_Radio_Taxonomy.php (1 diff)
trunk/radio-buttons-for-taxonomies.php (1 diff)
trunk/readme.txt (1 diff)
trunk/webpack.config.js
radio-buttons-for-taxonomies/tags/2.0.6/inc/class.WordPress_Radio_Taxonomy.php
r2260600
r2368215
434
434
return $post\_id;
435
435
436
// verify nonce
437
if ( isset( $\_POST\["\_radio\_nonce-{$this->taxonomy}"\]) && ! wp\_verify\_nonce( $\_REQUEST\["\_radio\_nonce-{$this->taxonomy}"\], "radio\_nonce-{$this->taxonomy}" ) )
436
// Verify nonce.
437
if ( ! isset( $\_POST\["\_radio\_nonce-{$this->taxonomy}"\]) || ! wp\_verify\_nonce( $\_REQUEST\["\_radio\_nonce-{$this->taxonomy}"\], "radio\_nonce-{$this->taxonomy}" ) ) {
438
438
return $post\_id;
439
}
439
440
440
441
// OK, we must be authenticated by now: we need to find and save the data
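Review bot: the pre-change condition `isset( $_POST[...] ) && ! wp_verify_nonce( ... )` only refused the save when a nonce was present and wrong, so a request that simply omitted the `_radio_nonce-{$this->taxonomy}` field skipped the check and fell through to the save; the new `! isset( ... ) || ! wp_verify_nonce( ... )` closes that. One remaining inconsistency in the new line: presence is tested in `$_POST` but the value handed to wp_verify_nonce() is read from `$_REQUEST`. Read both from the same superglobal (`$_POST`) so the value that is verified is the value whose presence was checked, and so a token supplied in the query string cannot satisfy a check that `isset` never examined. The added braces around the early return are a welcome style fix.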
radio-buttons-for-taxonomies/tags/2.0.6/radio-buttons-for-taxonomies.php
r2287093
r2368215
277
277
\* @since 2.0
278
278
\*/
279
public function block\_editor\_assets(){
279
public function block\_editor\_assets() {
280
281
// @todo: use npm run build to minify.
280
282
$suffix = defined( 'SCRIPT\_DEBUG' ) && SCRIPT\_DEBUG ? '' : '.min';
281
283
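Review bot: the added `// @todo: use npm run build to minify.` records a pending build step in a tagged release, while the line right below it still selects the `.min` asset whenever SCRIPT_DEBUG is off; confirm the minified files actually ship in tags/2.0.6 (this changeset adds webpack.config.js but the hunk shows no build output), otherwise resolve the TODO before tagging rather than shipping it. The `(){` to `() {` spacing change in the method signature is fine.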
radio-buttons-for-taxonomies/tags/2.0.6/readme.txt
r2287093
r2368215
54
54
\== Changelog ==
55
55
56
\= 2.0.6 =
57
\* Fix: Vulnerable nonce in save routine.
58
56
59
\= 2.0.5 =
57
60
\* Fix: Admin settings- Get all taxonomies with show\_ui=true.
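Review bot: the changelog line `* Fix: Vulnerable nonce in save routine.` understates what changed; state that the save routine now rejects a request whose nonce is missing (previously only an invalid nonce was rejected), so site owners can judge the urgency of updating from the readme alone. Worth flagging 2.0.6 as a security release here too, since the commit message only says "Update to version 2.0.6 from GitHub".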
radio-buttons-for-taxonomies/trunk/inc/class.WordPress_Radio_Taxonomy.php
r2260600
r2368215
434
434
return $post\_id;
435
435
436
// verify nonce
437
if ( isset( $\_POST\["\_radio\_nonce-{$this->taxonomy}"\]) && ! wp\_verify\_nonce( $\_REQUEST\["\_radio\_nonce-{$this->taxonomy}"\], "radio\_nonce-{$this->taxonomy}" ) )
436
// Verify nonce.
437
if ( ! isset( $\_POST\["\_radio\_nonce-{$this->taxonomy}"\]) || ! wp\_verify\_nonce( $\_REQUEST\["\_radio\_nonce-{$this->taxonomy}"\], "radio\_nonce-{$this->taxonomy}" ) ) {
438
438
return $post\_id;
439
}
439
440
440
441
// OK, we must be authenticated by now: we need to find and save the data
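Review bot: this trunk hunk is the same fix as the tags/2.0.6 copy of class.WordPress_Radio_Taxonomy.php in this changeset, which is expected since the tag is copied from trunk; the `$_POST` isset / `$_REQUEST` read mismatch in the new condition is therefore present here too, and trunk is where to fix it (read both from `$_POST`) so the next tag inherits the corrected line.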
radio-buttons-for-taxonomies/trunk/radio-buttons-for-taxonomies.php
r2287093
r2368215
277
277
\* @since 2.0
278
278
\*/
279
public function block\_editor\_assets(){
279
public function block\_editor\_assets() {
280
281
// @todo: use npm run build to minify.
280
282
$suffix = defined( 'SCRIPT\_DEBUG' ) && SCRIPT\_DEBUG ? '' : '.min';
281
283
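Review bot: the `// @todo: use npm run build to minify.` comment lands in trunk here, alongside the `$suffix` line that expects `.min` assets to exist when SCRIPT_DEBUG is off; this is the copy to resolve (run the build and drop the TODO, or make the non-minified file the fallback) before the next tag is cut.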
radio-buttons-for-taxonomies/trunk/readme.txt
r2287093
r2368215
54
54
\== Changelog ==
55
55
56
\= 2.0.6 =
57
\* Fix: Vulnerable nonce in save routine.
58
56
59
\= 2.0.5 =
57
60
\* Fix: Admin settings- Get all taxonomies with show\_ui=true.
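Review bot: same changelog wording as the tags/2.0.6 readme; trunk is the place to make the 2.0.6 entry specific (the save routine now rejects a missing nonce, not only an invalid one) so later tags inherit a changelog that tells site owners this was a security fix.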