Nixpkgs security tracker
4.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): Low (L)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): None (N)
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse dismissed (not in Nixpkgs)
Canto <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification
The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptions() function, which is exposed via two AJAX hooks: wp_ajax_updateOptions (class-canto.php line 231) and wp_ajax_fbc_updateOptions (class-canto-settings.php line 76). Both hooks are registered exclusively under the wp_ajax_ prefix (requiring only a logged-in user), with no call to current_user_can() or check_ajax_referer(). This makes it possible for authenticated attackers with subscriber-level access and above to arbitrarily modify or delete plugin options controlling cron scheduling behavior (fbc_duplicates, fbc_cron, fbc_schedule, fbc_cron_time_day, fbc_cron_time_hour, fbc_cron_start) and to manipulate or clear the plugin's scheduled WordPress cron event (fbc_scheduled_update).
References
Affected products
- =<3.1.1
Matching in nixpkgs
pkgs.cantoolz
Black-box CAN network analysis framework
pkgs.canto-curses
Ncurses-based console Atom/RSS feed reader
pkgs.canto-daemon
Daemon for the canto Atom/RSS feed reader
pkgs.kdePackages.cantor
Front end to powerful mathematics and statistics packages
pkgs.typstPackages.auto-canto
Automatic conversion to Cantonese romanizations from Chinese characters
pkgs.python312Packages.cantools
Tools to work with CAN bus
pkgs.python313Packages.cantools
Tools to work with CAN bus
pkgs.python314Packages.cantools
Tools to work with CAN bus
pkgs.typstPackages.canto-parser
A package for displaying Cantonese characters with Jyutping (粵拼) / Yale (耶魯) from raw JSON data
pkgs.haskellPackages.cantor-pairing
Convert data to and from a natural number representation
pkgs.typstPackages.auto-canto_0_2_3
Automatic conversion to Cantonese romanizations from Chinese characters
pkgs.typstPackages.canto-parser_0_2_1
A package for displaying Cantonese characters with Jyutping (粵拼) / Yale (耶魯) from raw JSON data
Package maintainers
-
@devhell devhell <"^"@regexmail.net>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@K900 Ilya K. <me@0upti.me>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@bkchr Bastian Köcher <nixos@kchr.de>
-
@FRidh Frederik Rietdijk <fridh@fridh.nl>
-
@gray-heron Cezary Siwek <ave+nix@cezar.info>
-
@cherrypiejam Gongqi Huang
-
@RossSmyth Ross Smyth