
CVE-2022-4935: Changeset 2630696 for wc-multivendor-marketplace – WordPress Plugin Repository

The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying shipping method details, modifying products, deleting arbitrary posts, and privilege escalation (via the wp_ajax_wcfm_vendor_store_online AJAX action).


Timestamp:

11/16/2021 01:04:41 PM (17 months ago)

wclovers

Message:

Ajax calls user permission check imposed

Location:

wc-multivendor-marketplace

Files:

  • tags/3.4.12/core/class-wcfmmp-media.php (2 diffs)
  • tags/3.4.12/core/class-wcfmmp-product-multivendor.php (2 diffs)
  • tags/3.4.12/core/class-wcfmmp-reviews.php (3 diffs)
  • trunk/core/class-wcfmmp-media.php (2 diffs)
  • trunk/core/class-wcfmmp-product-multivendor.php (2 diffs)
  • trunk/core/class-wcfmmp-reviews.php (3 diffs)


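--- a/wc-multivendor-marketplace/tags/3.4.12/core/class-wcfmmp-media.php
+++ b/wc-multivendor-marketplace/tags/3.4.12/core/class-wcfmmp-media.php
@@ -189,4 +189,9 @@
     }
    
+    if ( !current_user_can( 'manage_woocommerce' ) && !current_user_can( 'wcfm_vendor' ) && !current_user_can( 'shop_staff' ) ) {
+        wp_send_json_error( esc_html__( 'You don’t have permission to do this.', 'woocommerce' ) );
+            wp_die();
+        }
+   
     $mediaid = absint($_POST['mediaid']);
    
@@ -215,4 +220,9 @@
         wp_die();
     }
+   
+    if ( !current_user_can( 'manage_woocommerce' ) && !current_user_can( 'wcfm_vendor' ) && !current_user_can( 'shop_staff' ) ) {
+        wp_send_json_error( esc_html__( 'You don’t have permission to do this.', 'woocommerce' ) );
+            wp_die();
+        }
    
     if( isset($_POST['selected_media']) ) {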
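Review bot: The capability gate added at new lines 191 and 223 (and the identical blocks in class-wcfmmp-product-multivendor.php and class-wcfmmp-reviews.php, in both tags/3.4.12 and trunk) only establishes that the caller is a WooCommerce manager, a vendor or shop staff; it does not tie the request to the object being acted on, so `$mediaid = absint($_POST['mediaid']);` on the next line is still accepted from any vendor-capable account for any media ID. The enclosing functions start and end outside these hunks, so whether a later ownership check exists cannot be seen here; if there is none, an ownership check on `$mediaid` (and on `$reviewid` and `$_POST['product_ids']` in the sibling files) should directly follow the capability check. No `check_ajax_referer()` call is visible in any of the hunks either, so the handlers should also verify a nonce before reading `$_POST`. As a point of style, the `wp_die();` after `wp_send_json_error()` is unreachable because `wp_send_json_error()` already terminates the request, and it and the closing brace are indented one level deeper than the block they belong to; `if ( ... ) { wp_send_json_error( ... ); }` at a consistent four-space step reads cleaner.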
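--- a/wc-multivendor-marketplace/tags/3.4.12/core/class-wcfmmp-product-multivendor.php
+++ b/wc-multivendor-marketplace/tags/3.4.12/core/class-wcfmmp-product-multivendor.php
@@ -347,4 +347,9 @@
     global $WCFM, $WCFMmp, $wp, $WCFM_Query, $_POST, $wpdb;
    
+    if ( !current_user_can( 'manage_woocommerce' ) && !current_user_can( 'wcfm_vendor' ) && !current_user_can( 'shop_staff' ) ) {
+        wp_send_json_error( esc_html__( 'You don’t have permission to do this.', 'woocommerce' ) );
+            wp_die();
+        }
+   
     if( !class_exists( 'WC_Admin_Duplicate_Product' ) ) {
             include( WC_ABSPATH . 'includes/admin/class-wc-admin-duplicate-product.php' );
@@ -383,4 +388,9 @@
   function wcfmmp_product_multivendor_bulk_clone() {
     global $WCFM, $WCFMmp, $wp, $WCFM_Query, $_POST, $wpdb;
+   
+    if ( !current_user_can( 'manage_woocommerce' ) && !current_user_can( 'wcfm_vendor' ) && !current_user_can( 'shop_staff' ) ) {
+        wp_send_json_error( esc_html__( 'You don’t have permission to do this.', 'woocommerce' ) );
+            wp_die();
+        }
    
         if ( empty( $_POST['product_ids'] ) ) {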
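--- a/wc-multivendor-marketplace/tags/3.4.12/core/class-wcfmmp-reviews.php
+++ b/wc-multivendor-marketplace/tags/3.4.12/core/class-wcfmmp-reviews.php
@@ -279,4 +279,9 @@
     }
    
+    if ( !current_user_can( 'manage_woocommerce' ) && !current_user_can( 'wcfm_vendor' ) && !current_user_can( 'shop_staff' ) ) {
+        wp_send_json_error( esc_html__( 'You don’t have permission to do this.', 'woocommerce' ) );
+            wp_die();
+        }
+   
     $reviewid = absint($_POST['reviewid']);
     $status   = absint($_POST['status']);
@@ -401,4 +406,9 @@
     }
    
+    if ( !current_user_can( 'manage_woocommerce' ) && !current_user_can( 'wcfm_vendor' ) && !current_user_can( 'shop_staff' ) ) {
+        wp_send_json_error( esc_html__( 'You don’t have permission to do this.', 'woocommerce' ) );
+            wp_die();
+        }
+   
     $reviewid = absint($_POST['reviewid']);
         $status   = absint($_POST['status']);
@@ -429,4 +439,9 @@
         wp_die();
     }
+   
+    if ( !current_user_can( 'manage_woocommerce' ) && !current_user_can( 'wcfm_vendor' ) && !current_user_can( 'shop_staff' ) ) {
+        wp_send_json_error( esc_html__( 'You don’t have permission to do this.', 'woocommerce' ) );
+            wp_die();
+        }
    
     $reviewid = absint($_POST['reviewid']);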
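--- a/wc-multivendor-marketplace/trunk/core/class-wcfmmp-media.php
+++ b/wc-multivendor-marketplace/trunk/core/class-wcfmmp-media.php
@@ -189,4 +189,9 @@
     }
    
+    if ( !current_user_can( 'manage_woocommerce' ) && !current_user_can( 'wcfm_vendor' ) && !current_user_can( 'shop_staff' ) ) {
+        wp_send_json_error( esc_html__( 'You don’t have permission to do this.', 'woocommerce' ) );
+            wp_die();
+        }
+   
     $mediaid = absint($_POST['mediaid']);
    
@@ -215,4 +220,9 @@
         wp_die();
     }
+   
+    if ( !current_user_can( 'manage_woocommerce' ) && !current_user_can( 'wcfm_vendor' ) && !current_user_can( 'shop_staff' ) ) {
+        wp_send_json_error( esc_html__( 'You don’t have permission to do this.', 'woocommerce' ) );
+            wp_die();
+        }
    
     if( isset($_POST['selected_media']) ) {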
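--- a/wc-multivendor-marketplace/trunk/core/class-wcfmmp-product-multivendor.php
+++ b/wc-multivendor-marketplace/trunk/core/class-wcfmmp-product-multivendor.php
@@ -347,4 +347,9 @@
     global $WCFM, $WCFMmp, $wp, $WCFM_Query, $_POST, $wpdb;
    
+    if ( !current_user_can( 'manage_woocommerce' ) && !current_user_can( 'wcfm_vendor' ) && !current_user_can( 'shop_staff' ) ) {
+        wp_send_json_error( esc_html__( 'You don’t have permission to do this.', 'woocommerce' ) );
+            wp_die();
+        }
+   
     if( !class_exists( 'WC_Admin_Duplicate_Product' ) ) {
             include( WC_ABSPATH . 'includes/admin/class-wc-admin-duplicate-product.php' );
@@ -383,4 +388,9 @@
   function wcfmmp_product_multivendor_bulk_clone() {
     global $WCFM, $WCFMmp, $wp, $WCFM_Query, $_POST, $wpdb;
+   
+    if ( !current_user_can( 'manage_woocommerce' ) && !current_user_can( 'wcfm_vendor' ) && !current_user_can( 'shop_staff' ) ) {
+        wp_send_json_error( esc_html__( 'You don’t have permission to do this.', 'woocommerce' ) );
+            wp_die();
+        }
    
         if ( empty( $_POST['product_ids'] ) ) {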
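--- a/wc-multivendor-marketplace/trunk/core/class-wcfmmp-reviews.php
+++ b/wc-multivendor-marketplace/trunk/core/class-wcfmmp-reviews.php
@@ -279,4 +279,9 @@
     }
    
+    if ( !current_user_can( 'manage_woocommerce' ) && !current_user_can( 'wcfm_vendor' ) && !current_user_can( 'shop_staff' ) ) {
+        wp_send_json_error( esc_html__( 'You don’t have permission to do this.', 'woocommerce' ) );
+            wp_die();
+        }
+   
     $reviewid = absint($_POST['reviewid']);
     $status   = absint($_POST['status']);
@@ -401,4 +406,9 @@
     }
    
+    if ( !current_user_can( 'manage_woocommerce' ) && !current_user_can( 'wcfm_vendor' ) && !current_user_can( 'shop_staff' ) ) {
+        wp_send_json_error( esc_html__( 'You don’t have permission to do this.', 'woocommerce' ) );
+            wp_die();
+        }
+   
     $reviewid = absint($_POST['reviewid']);
         $status   = absint($_POST['status']);
@@ -429,4 +439,9 @@
         wp_die();
     }
+   
+    if ( !current_user_can( 'manage_woocommerce' ) && !current_user_can( 'wcfm_vendor' ) && !current_user_can( 'shop_staff' ) ) {
+        wp_send_json_error( esc_html__( 'You don’t have permission to do this.', 'woocommerce' ) );
+            wp_die();
+        }
    
     $reviewid = absint($_POST['reviewid']);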

