Closed PluginVulnerabilities closed 1 year ago
Thanks for the report! I have fixed it. I think this issue has always been there. You can see the fix at https://github.com/lesterchan/wp-sweep/commit/2e2e4b7608637a33a1e5207e7cbcd2762b1546dc. Can you verify it before I release it?
cc @szepeviktor ^
Both that fix and the subsequent changes take care of this. Thank you for the quick response.
The issue was there before. We only ran across it now because one of our customers is currently using the plugin and the commit with the code being moved to a new file got flagged by one of our systems.
Thanks! I have released 1.1.8 to fix this =)
While reviewing the changes made in a recent version of the plugin because it was flagged by one of our security monitoring systems, we ran across a minor security issue in the plugin. The AJAX accessible functions ajax_sweep_details() and ajax_sweep() now in the file /inc/class-wpsweep.php are lacking a capabilities check to make sure only the intended users have access to them. You do have a nonce check in those functions. While a nonce check would normally do the equivalent of a capabilities check, the documentation for that states it shouldn't be relied on for that:
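Added example, not part of the report above, not the documentation text it refers to, and not WP-Sweep's own code: a WordPress AJAX handler that checks only a nonce, next to one that also checks a capability. The `example_` function names, the `example_sweep` action and nonce name, the `sweep_name` request parameter, the allowlist values and the choice of `manage_options` are all assumptions made for the illustration.

```php
<?php
// Added illustration; not WP-Sweep's code. All example_* names, the
// 'sweep_name' parameter and the 'manage_options' capability are assumptions.

// wp_ajax_{action} fires for every logged-in user, whatever their role,
// so the handler itself has to decide who may run it.
add_action( 'wp_ajax_example_sweep', 'example_ajax_sweep' );

// Before (shown for comparison, deliberately not registered): nonce only.
// Any logged-in user who obtains a valid nonce can trigger the sweep.
function example_ajax_sweep_nonce_only() {
	check_ajax_referer( 'example_sweep', 'nonce' );
	example_run_sweep();
}

// After: authorization first, then the CSRF check.
function example_ajax_sweep() {
	// Authorization: is this user allowed to perform the action at all?
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( array( 'error' => 'Insufficient permissions.' ), 403 );
	}
	// CSRF: did the request come from our own admin screen?
	// check_ajax_referer() ends the request itself when the nonce is invalid.
	check_ajax_referer( 'example_sweep', 'nonce' );
	example_run_sweep();
}

// Shared body: validate the requested sweep against an allowlist.
function example_run_sweep() {
	$name = isset( $_REQUEST['sweep_name'] )
		? sanitize_key( wp_unslash( $_REQUEST['sweep_name'] ) )
		: '';
	$allowed = array( 'revisions', 'auto_drafts' ); // constructed sample values
	if ( ! in_array( $name, $allowed, true ) ) {
		wp_send_json_error( array( 'error' => 'Unknown sweep.' ), 400 );
	}
	// Placeholder for the real cleanup work.
	wp_send_json_success( array( 'sweep' => $name ) );
}
```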