CVE-2020-36761: Changeset 2368373 for top-10 – WordPress Plugin Repository
The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation on the tptn_export_tables() function. This makes it possible for unauthenticated attackers to generate an export of the top 10 table via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
top-10/trunk/includes/admin/import-export.php
r2324654
r2368373
57
57
</p>
58
58
59
<?php wp\_nonce\_field( 'tptn\_export\_setting\_nonce', 'tptn\_export\_setting\_nonce' ); ?>
59
<?php wp\_nonce\_field( 'tptn\_export\_settings\_nonce', 'tptn\_export\_settings\_nonce' ); ?>
60
60
</form>
61
61
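Review bot: the field name emitted at line 59 now matches the name read by the check at line 322, `tptn_export_settings_nonce`; before this change the form posted `tptn_export_setting_nonce` (singular), so the `isset( $_POST['tptn_export_settings_nonce'] )` guard in the old check never saw the field and validation was skipped for any POST that simply omitted it. Worth a comment, or a shared constant for the action name used by both `wp_nonce_field()` and `wp_verify_nonce()`, so the form field and the verification cannot drift apart again.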
…
…
153
153
}
154
154
155
if ( isset( $\_POST\['tptn\_export\_nonce'\] ) && ! wp\_verify\_nonce( sanitize\_key( $\_POST\['tptn\_export\_nonce'\] ), 'tptn\_export\_nonce' ) ) {
155
if ( ! wp\_verify\_nonce( sanitize\_key( $\_POST\['tptn\_export\_nonce'\] ), 'tptn\_export\_nonce' ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated
156
156
return;
157
157
}
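Review bot: dropping the `isset()` guard is the right fix, since `wp_verify_nonce()` returns false for a missing value and the request is now rejected instead of silently accepted, but `sanitize_key( $_POST['tptn_export_nonce'] )` on a request without that key raises an undefined-index notice (a warning on PHP 8) before the verify call runs; the `phpcs:ignore ... InputNotValidated` annotation hides the linter finding rather than the condition. Suggest `if ( ! isset( $_POST['tptn_export_nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['tptn_export_nonce'] ), 'tptn_export_nonce' ) ) {`, which keeps the fail-closed behaviour without the notice. A bare `return;` also gives the administrator no feedback that the export was refused; `wp_die()` or an admin notice would make a rejected request visible.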
…
…
236
236
}
237
237
238
if ( isset( $\_POST\['tptn\_import\_nonce'\] ) && ! wp\_verify\_nonce( sanitize\_key( $\_POST\['tptn\_import\_nonce'\] ), 'tptn\_import\_nonce' ) ) {
238
if ( ! wp\_verify\_nonce( sanitize\_key( $\_POST\['tptn\_import\_nonce'\] ), 'tptn\_import\_nonce' ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated
239
239
return;
240
240
}
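Review bot: same `isset()` removal as at line 155, applied to the import path, which is the one the changelog calls out; the same undefined-index notice occurs when `tptn_import_nonce` is absent, so the `! isset( ... ) ||` form suggested there fits here too. Since an import overwrites table data, this is the check where a capability test matters most; none is visible in this hunk, so please confirm the surrounding function already restricts the action with `current_user_can()` rather than relying on the nonce alone, as a nonce proves intent, not authorisation.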
…
…
320
320
}
321
321
322
if ( isset( $\_POST\['tptn\_export\_settings\_nonce'\] ) && ! wp\_verify\_nonce( sanitize\_key( $\_POST\['tptn\_export\_settings\_nonce'\] ), 'tptn\_export\_settings\_nonce' ) ) {
322
if ( ! wp\_verify\_nonce( sanitize\_key( $\_POST\['tptn\_export\_settings\_nonce'\] ), 'tptn\_export\_settings\_nonce' ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated
323
323
return;
324
324
}
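Review bot: this is the check that the form field renamed at line 59 now feeds; with the old `isset()` guard it was ineffective in practice because the posted field carried a different name, so this line together with line 59 is where the settings-export CSRF is actually closed. Same remark on the undefined-index notice and the silent `return;` as at line 155.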
…
…
353
353
}
354
354
355
if ( isset( $\_POST\['tptn\_import\_settings\_nonce'\] ) && ! wp\_verify\_nonce( sanitize\_key( $\_POST\['tptn\_import\_settings\_nonce'\] ), 'tptn\_import\_settings\_nonce' ) ) {
355
if ( ! wp\_verify\_nonce( sanitize\_key( $\_POST\['tptn\_import\_settings\_nonce'\] ), 'tptn\_import\_settings\_nonce' ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated
356
356
return;
357
357
}
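Review bot: fourth copy of the same three-line pattern (lines 155, 238, 322, 355), each carrying its own `phpcs:ignore`; a small helper, for example a hypothetical `tptn_verify_admin_nonce( $name )` that performs the isset, `sanitize_key()` and `wp_verify_nonce()` steps and calls `wp_die()` on failure, would remove the duplication and make a name mismatch like the one fixed at line 59 a single place to get right.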
top-10/trunk/readme.txt
r2350599
r2368373
3
3
Contributors: webberzone, Ajay
4
4
Donate link: https://ajaydsouza.com/donate/
5
Stable tag: 2.9.4
5
Stable tag: 2.9.5
6
6
Requires at least: 4.9
7
7
Tested up to: 5.5
…
…
162
162
== Changelog ==
163
163
164
= 2.9.5 =
165
166
Release post: [https://webberzone.com/blog/top-10-v2-9-0/](https://webberzone.com/blog/top-10-v2-9-0/)
167
168
* Bug fixes:
169
\* Security fix: Nonces were not always checked in import module
170
164
171
= 2.9.4 =
165
172
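Review bot: the changelog entry says nonces were not always checked in the import module, but the hunks at lines 155 and 322 tighten the export checks as well, and the form fix at line 59 concerns the settings export; the entry should name both import and export so site owners can judge their exposure from the notes alone. Separately, the release post link under 2.9.5 points at the `top-10-v2-9-0` URL; check that this is the intended target for a 2.9.5 security release.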
…
…
231
238
== Upgrade Notice ==
232
239
233
= 2.9.4 =
234
Bug fixes and new features; Check the Changelog for more details or the release posts on https://webberzone.com
235
240
= 2.9.5 =
241
Security fix; Check the Changelog for more details or the release posts on https://webberzone.com
242
top-10/trunk/top-10.php
r2324654
r2368373
15
15
* Plugin URI: https://webberzone.com/plugins/top-10/
16
16
* Description: Count daily and total visits per post and display the most popular posts based on the number of views
17
* Version: 2.9.4
17
* Version: 2.9.5
18
18
* Author: Ajay D’Souza
19
19
* Author URI: https://webberzone.com