Opened 6 years ago

Closed 5 years ago

#612 closed defect (fixed)

Convert links and their associated forms to use nonces

Reported by: t.goetzrath Owned by: d.schmitzer
Priority: blocker Milestone: 4.2
Component: Core Version: 4.0
Keywords: Security Cc:

Description

See: https://codex.wordpress.org/WordPress_Nonces

Reason for this:
During our monitoring of changes made to WordPress plugins in the Plugin Directory we found a cross-site request forgery (CSRF)/arbitrary file upload vulnerability in your wpShopGermany Free plugin.

When uploading files through the page /wp-admin/admin.php?page=wpsg-Admin&subaction=widerrufsbelehrung there is no protection against cross-site request forgery (CSRF), so it would be possible for an attacker to cause someone logged in to WordPress as Administrator to upload files they didn't intend. It looks like the lack of protection against CSRF is an issue with other parts of the plugin as well. Fixing the CSRF issue would take care of this, but if possible it would be a good idea to restrict what types of files can be uploaded as well.

You can find information on preventing cross-site request forgery (CSRF) in WordPress plugins at http://codex.wordpress.org/WordPress_Nonces.

If you have any questions or need help in dealing with this issue, please feel free to get back to us.

Due to our need to inform our customers of vulnerabilities in plugins they may be using on a timely basis, our policy is to disclose a vulnerability no later than 30 days after we have notified the developer of it and 7 days after notifying if we don't receive any response from the developer. So if this is not going to be fixed in the next 7 days please let us know and we will hold back disclosure until after it is fixed or 30 days, whichever comes first.

Plugin Vulnerabilities

Change History (3)

comment:1 by Roger Rehnelt, 5 years ago

Milestone: 4.1 → 4.2
Priority: critical → blocker

comment:2 by Roger Rehnelt, 5 years ago

On 29.6.2018 I replied to them:

We fixed it in the version 4.0.10 (Revision 1901023).
We will fully integrate the Nonces functions in the whole plugin in the next 4 weeks.

Probably only at that spot, right? Which other places are affected? IMHO only uploads, surely?

comment:3 by d.schmitzer, 5 years ago

Resolution: fixed
Status: new → closed

I searched for "file" and secured the upload forms. Additionally, most of those in the backend.
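
The two mitigations named in the report (a nonce on the upload form and a restriction on uploadable file types), sketched as an added example that is not code from this ticket or from wpShopGermany. Every `example_*` name, the `manage_options` capability, the PDF-only allow-list and the redirect target are assumptions; the WordPress functions are core API.

```php
<?php
// Added illustration; every example_* name is hypothetical, not taken from wpShopGermany.

// Render the upload form with a nonce bound to this one action.
function example_render_upload_form() {
    ?>
    <form method="post" enctype="multipart/form-data"
          action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_upload" />
        <?php wp_nonce_field( 'example_upload_action', 'example_upload_nonce' ); ?>
        <input type="file" name="example_file" />
        <?php submit_button( 'Upload' ); ?>
    </form>
    <?php
}

// Handle the POST: capability check, nonce check, then a type-restricted upload.
add_action( 'admin_post_example_upload', 'example_handle_upload' );
function example_handle_upload() {
    if ( ! current_user_can( 'manage_options' ) ) { // capability is an assumption
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // Dies with a 403 if the nonce is missing, expired, or was issued for another user or action.
    check_admin_referer( 'example_upload_action', 'example_upload_nonce' );

    if ( empty( $_FILES['example_file'] ) || UPLOAD_ERR_OK !== $_FILES['example_file']['error'] ) {
        wp_die( 'No file received.', '', array( 'response' => 400 ) );
    }

    require_once ABSPATH . 'wp-admin/includes/file.php';

    $overrides = array(
        // Skip the built-in $_POST['action'] comparison; the nonce above authenticates the request.
        'test_form' => false,
        // Allow-list of extension => MIME type (assumed PDF only); other types are rejected.
        'mimes'     => array( 'pdf' => 'application/pdf' ),
    );
    $result = wp_handle_upload( $_FILES['example_file'], $overrides );

    if ( isset( $result['error'] ) ) {
        wp_die( esc_html( $result['error'] ), '', array( 'response' => 400 ) );
    }

    wp_safe_redirect( admin_url( 'admin.php?page=example-settings&uploaded=1' ) );
    exit;
}
```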
