[wp-trac] [WordPress Trac] #46705: Harden WP core against "update option" endpoint vulnerabilities
WordPress Trac
noreply at wordpress.org
Thu Mar 28 19:46:36 UTC 2019
#46705: Harden WP core against "update option" endpoint vulnerabilities
--------------------------------+-----------------------------
Reporter: tsewlliw | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Options, Meta APIs | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------------+-----------------------------
A fairly frequent problem is plugins failing to perform nonce and
permission checks on endpoints servicing their admin pages. Following
discovery of such a vulnerability it is usually very straightforward for
an attacker to perform a large scale attack defacing or establishing
persistent administrative access by modifying the options `siteurl`,
`default_role`, `users_can_register`, and likely more.
I propose that all updates to these selected critical options in a web
context warrant validating that a nonce verification has taken place and
that the current user has the manage_options capability. This would force
an attacker to follow a more difficult exploit path, potentially preventing
large scale exploitation of these issues.
The goal I have in mind here is not to be bulletproof, just to defend
against a seemingly common bug class.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46705>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
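Added example, not part of the ticket or of WordPress core: a hypothetical plugin handler "vp_save_settings" shows the bug class the ticket describes (no nonce, no capability check in front of update_option), then its hardened form, then a site-level guard in the spirit of the proposal that uses the core pre_update_option_{$option} filter to refuse web-context changes to the named options by users lacking manage_options. The nonce half of the proposal is left out of the guard, since the nonce action is plugin-specific; the "vp_" names and the "vp_settings" nonce action are assumptions.

```php
<?php
// Added example (not from the ticket or WordPress core). Hypothetical plugin
// handler "vp_save_settings", shown vulnerable and then hardened, plus a
// site-level guard for the critical options the ticket names.

// BEFORE (shown for contrast, not registered): no nonce, no capability check.
// If registered for both wp_ajax_ and wp_ajax_nopriv_, any visitor posting to
// admin-ajax.php?action=vp_save_settings could rewrite siteurl or open registration.
function vp_save_settings_vulnerable() {
    update_option( 'siteurl', $_POST['siteurl'] );
    update_option( 'users_can_register', $_POST['users_can_register'] );
    wp_send_json_success();
}

// AFTER: verify the nonce (the form must emit wp_nonce_field('vp_settings', '_vp_nonce')),
// require manage_options, and sanitize input before touching any option.
function vp_save_settings_hardened() {
    check_ajax_referer( 'vp_settings', '_vp_nonce' );   // dies on a missing or bad nonce
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    $siteurl = esc_url_raw( wp_unslash( $_POST['siteurl'] ?? '' ) );
    if ( '' !== $siteurl ) {
        update_option( 'siteurl', $siteurl );
    }
    update_option( 'users_can_register', empty( $_POST['users_can_register'] ) ? 0 : 1 );
    wp_send_json_success();
}
add_action( 'wp_ajax_vp_save_settings', 'vp_save_settings_hardened' );

// Site-level guard (for example as an mu-plugin): in a web request, refuse to
// change the critical options unless the current user has manage_options.
// Returning $old_value makes update_option() a no-op, whatever code called it.
function vp_guard_critical_option( $value, $old_value, $option ) {
    $web_context = ! ( defined( 'WP_CLI' ) && WP_CLI )
                && ! wp_doing_cron()
                && ! ( defined( 'WP_INSTALLING' ) && WP_INSTALLING );
    if ( $web_context && ! current_user_can( 'manage_options' ) ) {
        error_log( sprintf( 'Blocked update of critical option "%s" by user %d via %s',
            $option, get_current_user_id(), $_SERVER['REQUEST_URI'] ?? '' ) );
        return $old_value;
    }
    return $value;
}
foreach ( array( 'siteurl', 'default_role', 'users_can_register' ) as $vp_opt ) {
    add_filter( "pre_update_option_{$vp_opt}", 'vp_guard_critical_option', 10, 3 );
}
```

The error_log line gives a detection hook: a blocked write from an unprivileged session is exactly the signal a missing nonce/capability check in some plugin endpoint would produce.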