[wp-trac] [WordPress Trac] #62449: Bypassable Sanitization in the restfulAPI, which lead to the
WordPress Trac
noreply at wordpress.org
Tue Nov 19 21:37:46 UTC 2024
#62449: Bypassable Sanitization in the restfulAPI, which lead to the
--------------------------+-----------------------
Reporter: samjhuseclab | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: REST API | Version:
Severity: normal | Resolution: invalid
Keywords: | Focuses: rest-api
--------------------------+-----------------------
Comment (by samjhuseclab):
Replying to [comment:1 johnbillion]:
> Thanks for the report @samjhuseclab, but this issue depends on an
> attacker having the ability to insert malicious PHP code into a plugin. If
> they're able to do that then they're free to attack the site in any way
> they wish, which renders this issue moot. There are no doubt hundreds of
> places in WordPress where data and output passes through filters after
> sanitisation.
>
> I'll close this ticket off. If you think there is another valid attack
> vector to this that doesn't involve the attacker having the ability to
> insert PHP that they control then please get in touch with the security
> team via HackerOne as per
> https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/ . Thanks.

Hi Johnbillion,

Thank you for your quick response and thoughtful explanation.

We understand your perspective that this issue assumes an attacker can
insert malicious PHP code into a plugin. However, our primary concern is
that the current WordPress core design might inadvertently enable
scenarios where plugin developers—intentionally or
unintentionally—introduce backdoors. This is because the triggering code
appears benign within the plugin itself, while the actual sink functions
that cause the issue reside in the Core code.

This creates a unique challenge: tools analyzing plugins in isolation are
unlikely to detect such issues, as the problematic behavior only emerges
when combined with the Core's sink functions. This makes identifying and
mitigating these risks significantly harder.

This issue can be addressed in the Core with just a few lines of
additional code. By doing so, WordPress Core can become more robust
against such scenarios, simplifying security audits for plugin developers.

Thank you again for your time and consideration!

Best regards,
Sam
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62449#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform