This plugin is really unsafe to use (Unautheticated injection) | WordPress.org

Resolved Robert S.
(@robsat91)

10 years, 1 month ago

Hello!

I have to propose a edit-request to this plugin.
In the file “index.php” on the line 188 the hook “wp_ajax_nopriv_*” is added and referenced to the save-function “se_save”.
This hook is the non-private ajax-hook. This means that anyone, without beeing logged in, with the correct request data, can do a post request and do injection to the sites header and footer.

I have tried this myself and unfortunately it works. This opens up for everything from simple site defacing to keylogging of login forms etc.

The best thing is to remove the contents of line 188 to remove the public ajax-hook.
The plugin will still work as you have the authenticated ajax-hook added as well.

Hope to hear from the author of this plugin! 🙂

https://wordpress.org/plugins/safe-editor/

Viewing 2 replies - 1 through 2 (of 2 total)

Thread Starter Robert S.
(@robsat91)

10 years, 1 month ago

Hello again.

I see that this is not an issue anymore as it is fixed in the current version (1.2.1).
Nice job 🙂

Thread Starter Robert S.
(@robsat91)

10 years ago

Resolved.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘This plugin is really unsafe to use (Unautheticated injection)’ is closed to new replies.

2 replies
1 participant
Last reply from: Robert S.
Last activity: 10 years ago
Status: resolved