[wp-trac] [WordPress Trac] #62449: Bypassable Sanitization in the restfulAPI, which lead to the

WordPress Trac noreply at wordpress.org
Tue Nov 19 21:37:46 UTC 2024


#62449: Bypassable Sanitization in the restfulAPI, which lead to the
--------------------------+-----------------------
 Reporter:  samjhuseclab  |       Owner:  (none)
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  REST API      |     Version:
 Severity:  normal        |  Resolution:  invalid
 Keywords:                |     Focuses:  rest-api
--------------------------+-----------------------

Comment (by samjhuseclab):

 Replying to [comment:1 johnbillion]:
 > Thanks for the report @samjhuseclab, but this issue depends on an
 > attacker having the ability to insert malicious PHP code into a plugin. If
 > they're able to do that then they're free to attack the site in any way
 > they wish, which renders this issue moot. There are no doubt hundreds of
 > places in WordPress where data and output passes through filters after
 > sanitisation.
 >
 > I'll close this ticket off. If you think there is another valid attack
 > vector to this that doesn't involve the attacker having the ability to
 > insert PHP that they control then please get in touch with the security
 > team via HackerOne as per
 > https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/ .
 > Thanks.

 Hi Johnbillion,

 Thank you for your quick response and thoughtful explanation.

 We understand your perspective that this issue assumes an attacker can
 insert malicious PHP code into a plugin. However, our primary concern is
 that the current WordPress core design might inadvertently enable
 scenarios where plugin developers—intentionally or
 unintentionally—introduce backdoors. This is because the triggering code
 appears benign within the plugin itself, while the actual sink functions
 that cause the issue reside in the Core code.

 This creates a unique challenge: tools analyzing plugins in isolation are
 unlikely to detect such issues, as the problematic behavior only emerges
 when combined with the Core’s sink functions. This makes identifying and
 mitigating these risks significantly harder.

 This issue can be addressed in the Core with just a few lines of
 additional code. By doing so, WordPress Core can become more robust
 against such scenarios, simplifying security audits for plugin developers.

 Thank you again for your time and consideration!

 Best regards,
 Sam

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/62449#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform