How to Fix WordPress WPLMS theme privilege escalation vulnerability

Vulnerability Description:
The vulnerable code is located in the /includes/func.php

the function import_data can be called by logged in users
and executed which can lead to modifying wordpress settings and adding a
new administrator which may cause the site a full take over!

add_action( 'wp_ajax_import_data', 'import_data' );
function import_data(){
  $name = stripslashes($_POST['name']);
  $code = base64_decode(trim($_POST['code']));
  if(is_string($code))
    $code = unserialize ($code);
  $value = get_option($name);
  if(isset($value)){
    update_option($name,$code);
  }else{
    echo "Error, Option does not exist !";
  }
  die();
}

Vulnerability Fix:

to fix this vulnerability and secure your wordpress website , go to Your_Theme_Path/includes and edit the import_data function in  file func.php  like what i did below:

add_action( 'wp_ajax_import_data', 'import_data' );
function import_data(){
  $name = stripslashes($_POST['name']);
  $code = base64_decode(trim($_POST['code']));
  if(is_string($code))
    $code = unserialize ($code);
  $value = get_option($name);
  if(isset($value) && current_user_can( 'administrator' )){
    update_option($name,$code);
  }else{
    echo "Error, Option does not exist ! || Secured by Amnnet.ir";
  }
  die();
}
0 نظر

پاسخ دهید

می خواهید به بحث بپیوندید ؟

پاسخی بگذارید