New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Unauthenticated user can upload files and replace featured images of any post #6

Open

d--j opened this issue Jun 1, 2023 · 0 comments

d--j commented Jun 1, 2023

The AJAX function set_bynder_featured_image has two big security flaws:

it is callable as unauthenticated user. Anybody can upload/sideload anything into the WordPress media library (remove add_action( 'wp_ajax_nopriv_bynder_featured', 'set_bynder_featured_image' ); – that is not necessary for your plugin)
the function does not do any permission checks. Anybody can upload files (no check of upload_files capability) and can set the featured image of any post (no check of edit_post_meta meta capability)

You should also add a nonce and a nonce check in this function to prevent CSRF attacks.

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment