How to Fix WordPress WPLMS theme privilege escalation vulnerability
Vulnerability Description:
The vulnerable code is located in the /includes/func.php
the function import_data can be called by logged in users
and executed which can lead to modifying wordpress settings and adding a
new administrator which may cause the site a full take over!
add_action( 'wp_ajax_import_data', 'import_data' ); function import_data(){ $name = stripslashes($_POST['name']); $code = base64_decode(trim($_POST['code'])); if(is_string($code)) $code = unserialize ($code); $value = get_option($name); if(isset($value)){ update_option($name,$code); }else{ echo "Error, Option does not exist !"; } die(); }
Vulnerability Fix:
to fix this vulnerability and secure your wordpress website , go to Your_Theme_Path/includes and edit the import_data function in file func.php like what i did below:
add_action( 'wp_ajax_import_data', 'import_data' ); function import_data(){ $name = stripslashes($_POST['name']); $code = base64_decode(trim($_POST['code'])); if(is_string($code)) $code = unserialize ($code); $value = get_option($name); if(isset($value) && current_user_can( 'administrator' )){ update_option($name,$code); }else{ echo "Error, Option does not exist ! || Secured by Amnnet.ir"; } die(); }
پاسخ دهید
می خواهید به بحث بپیوندید ؟