Contains a very subtle error that allows users of lower-privileged accounts (such as subscribers) to be granted access to all individual endpoints registered by the plugin.
The Api::validateAccess() method relies on the REST API path in the request to decide which permission check applies to that request. It does not take into account that WordPress treats REST API paths as case-insensitive strings, so changing a single character to uppercase completely bypasses the permission-checking routine. This is particularly worrying because some of the plugin's endpoints are very sensitive. For example, the aioseo/v1/htaccess endpoint allows the site's .htaccess file to be rewritten to arbitrary content, which an attacker could abuse to hide a backdoor in .htaccess and run malicious code on the server.
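To make the case-sensitivity mismatch concrete, here is an added illustration (not the plugin's code; it runs without WordPress): a stand-in dispatcher that matches routes case-insensitively the way WordPress does, beside a path-keyed check that allows by default and a corrected check that keys on the matched route and denies by default. The route table, capability names and user capabilities are constructed for the demo.

```php
<?php
// Added illustration, not the plugin's code. Assumed: WordPress matches registered
// routes case-insensitively (route regex with the "i" flag). The route table,
// capability names and user capabilities below are constructed.

// Route regex => capability required to call it (constructed table).
$routes = [
    '/aioseo/v1/htaccess' => 'manage_options',
    '/aioseo/v1/search'   => 'edit_posts',
];

// Mirrors the dispatcher: the first route whose regex matches the request path wins.
function matchRoute(array $routes, string $path): ?string {
    foreach (array_keys($routes) as $route) {
        if (preg_match('@^' . $route . '$@i', $path)) {
            return $route;
        }
    }
    return null;
}

// Vulnerable pattern: keyed on the raw request path, allow when nothing matches.
// '/aioseo/v1/Htaccess' still dispatches but never reaches the manage_options rule.
function validateAccessVulnerable(array $routes, string $path, array $userCaps): bool {
    if (isset($routes[$path])) {
        return in_array($routes[$path], $userCaps, true);
    }
    return true;
}

// Hardened pattern: look up the capability by the route the dispatcher actually
// matched, never by the raw path, and deny when no rule exists (fail closed).
function validateAccessFixed(array $routes, string $path, array $userCaps): bool {
    $route = matchRoute($routes, $path);
    if ($route === null) {
        return false;
    }
    return in_array($routes[$route], $userCaps, true);
}

$subscriber = ['read']; // subscriber-level capability set (constructed)
foreach (['/aioseo/v1/htaccess', '/aioseo/v1/Htaccess'] as $path) {
    printf("%-21s -> route %-21s vulnerable: %-5s fixed: %s\n", $path,
        matchRoute($routes, $path) ?? '(none)',
        validateAccessVulnerable($routes, $path, $subscriber) ? 'ALLOW' : 'deny',
        validateAccessFixed($routes, $path, $subscriber) ? 'ALLOW' : 'deny');
}
```

In a real plugin the equivalent of validateAccessFixed is a permission_callback attached to each register_rest_route() call, so the check travels with the registered route instead of being re-derived from the request path.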
Authenticated SQL injection. Affected versions: all versions between and including 4.1.3.1 and 4.1.5.2. CVE-ID: CVE-2021-25037. CVSSv3.1: 7.7. CWSS: 80.4.

/**
 * Searches for posts or terms by ID/name.
 *
 * @since 4.0.0
 *
 * @param  \WP_REST_Request  $request The REST request.
 * @return \WP_REST_Response          The response.
 */
public static function searchForObjects( $request ) {
    $body = $request->get_json_params();

    if ( empty( $body['query'] ) ) {
        return new \WP_REST_Response( [
            'success' => false,
            'message' => 'No search term was provided.'
        ], 400 );
    }

    if ( empty( $body['type'] ) ) {
        return new \WP_REST_Response( [
            'success' => false,
            'message' => 'No type was provided.'
        ], 400 );
    }

    // esc_like() only escapes the LIKE wildcards (% and _); it does not quote the value for SQL.
    $searchQuery = aioseo()->db->db->esc_like( $body['query'] );

    $objects        = [];
    $dynamicOptions = aioseo()->dynamicOptions->noConflict();
    if ( 'posts' === $body['type'] ) {
        $postTypes = aioseo()->helpers->getPublicPostTypes( true );
        foreach ( $postTypes as $postType ) {
            // Drop post types that are noindexed (not shown in search appearance).
            if ( $dynamicOptions->searchAppearance->postTypes->has( $postType ) && ! $dynamicOptions->searchAppearance->postTypes->$postType->show ) {
                $postTypes = aioseo()->helpers->unsetValue( $postTypes, $postType );
            }
        }

        $objects = aioseo()->db
            ->start( 'posts' )
            ->select( 'ID, post_type, post_title, post_name' )
            ->whereRaw( "