漏洞概述 该漏洞涉及WordPress插件 中的 文件,具体位于 。漏洞类型为未授权的文件访问,攻击者可以通过构造特定的URL请求,访问并执行该文件中的代码,从而可能导致敏感信息泄露或远程代码执行。 影响范围 受影响版本: 插件版本2.3.0 影响组件: 文件 潜在风险:未授权的文件访问可能导致敏感信息泄露或远程代码执行 修复方案 1. 权限控制:确保 文件只能通过合法的WordPress请求访问,避免直接通过URL访问;例如在文件开头加入 defined('ABSPATH') || exit; 这样的直接访问保护,使该文件只能在WordPress加载后被包含执行。 2. 输入验证:对所有输入数据进行严格的验证和过滤,防止恶意输入导致代码执行。 3. 更新插件:建议用户及时更新 插件到最新版本,以修复已知的安全漏洞。 POC代码 ```php 'var(--wp--preset--spacing--top)', 'right' => 'var(--wp--preset--spacing--right)', 'bottom' => 'var(--wp--preset--spacing--bottom)', 'left' => 'var(--wp--preset--spacing--left)', ]; // Handle WordPress theme color presets (any custom preset name) // WordPress themes can define custom color palettes in theme.json // Examples: "primary", "secondary", "accent", "custom-color" // Check if it's a valid color preset name (not a CSS color value) if (!empty($value) && !preg_match('/^#([a-fA-F0-9]{6} // If it's not a CSS color value, treat it as a theme preset // Convert to WordPress color class: "primary" -> "has-primary-color" $value = 'has-' . strtolower($value) . '-color'; } // Handle spacing presets like "var:preset if (strpos($value, 'var:preset $spacing_slug = str_replace('var:preset // Convert to WordPress CSS custom property format $value = 'var(--wp--preset--spacing--' . $spacing_slug . ')'; } // Handle color presets like "var:preset if (strpos($value, 'var:preset $color_slug = str_replace('var:preset $value = 'has-' . $color_slug . '-color'; } // If it's already a valid CSS value, return as is return $value; } / Get color value with fallback @param string $color_value The color value to check @param string $fallback The fallback color value @return string The color value or fallback / function wedocs_get_color_value($color_value, $fallback = '') { return $color_value && trim($color_value) !== '' ? 
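$color_value : $fallback; }

/**
 * Route a parsed color value to the right output bucket.
 *
 * A value that the preset parser turned into a WordPress class (prefix "has-",
 * e.g. "has-primary-color") is appended to the class list; any other non-empty
 * value is treated as a raw CSS color and emitted as a custom property. Empty
 * input is a no-op, so callers never receive a dangling "--name: ;" declaration.
 *
 * NOTE(review): esc_attr() is HTML-attribute escaping, not CSS escaping; the
 * value is expected to already be a parsed color keyword/hex/var() string.
 *
 * @param string $spaced_color  The parsed color value
 * @param array  $bg_classes    Array of WordPress classes to add to
 * @param string $css_variables CSS variables string to add to
 * @param string $var_name      The CSS variable name (without the leading "--")
 * @return array Array with updated wp_classes and css_variables
 */
function wedocs_process_wp_color_class($spaced_color, $bg_classes, $css_variables, $var_name = '') {
    // Tolerate null input (the original accepted it via !empty()) without
    // triggering the PHP 8.1 strpos(null) deprecation.
    $spaced_color = (string) $spaced_color;

    if (strpos($spaced_color, 'has-') === 0) {
        // Preset slug already converted to a "has-<slug>-color" class.
        $bg_classes[] = $spaced_color;
    } elseif ($spaced_color !== '') {
        // Raw CSS color value: expose it as a CSS custom property instead.
        $css_variables .= '--' . $var_name . ': ' . esc_attr($spaced_color) . ';';
    }

    return [$bg_classes, $css_variables];
}

/**
 * Process WordPress background color class and add to appropriate output
 *
 * @param string $spaced_color  The parsed color value
 * @param array  $bg_classes    Array of WordPress classes to add to
 * @param string $css_variables CSS variables string to add to
 * @param string $var_name      The CSS variable name
 * @return array Array with updated wp_classes and css_variables
 */
function wedocs_process_wp_background_color_class($spaced_color, $bg_classes, $css_variables, $var_name = '') {
    if (strpos($spaced_color, 'has-') === 0) {
        // Convert to background-color class
        $bg_class = str_replace('has-', 'background-color-', $spaced_color);
        $bg_classes[] = $bg_class;
    } else {
        $css_variables .= '--' . $var_name . ': ' . esc_attr($spaced_color) .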
';'; } return [$bg_classes, $css_variables]; } / Generate connector line HTML @param array $tree_styles Tree styling options @param int $depth Current nesting level @param string $connector_color Connector color @return string HTML for connector line / function wedocs_generate_connector_line($tree_styles, $depth, $connector_color) { if ($depth '; } / Render wedocs sidebar @param array $attributes Block attributes @param string $content Block content @return string Rendered sidebar HTML */ function wedocs_render_wedocs_sidebar($attributes, $content) { $sections_order = $attributes['sectionsOrder'] ?? []; $sections_title_tag = $attributes['sectionsTitleTag'] ?? 'h2'; $section_title_tag = $attributes['sectionTitleTag'] ?? 'h3'; $section_order = $attributes['sectionOrder'] ?? []; $article_order = $attributes['articleOrder'] ?? []; $article_title_tag = $attributes['articleTitleTag'] ?? 'h4'; $enable_nested_articles = $attributes['enableNestedArticles'] ?? true; // Handle nested articles if ($enable_nested_articles === true) { $section_title_tag = $attributes['sectionTitleTag'] ?? 'h3'; $article_title_tag = $attributes['articleTitleTag'] ?? 'h4'; // Styling attributes $container_styles = $attributes['containerStyles'] ?? []; $section_styles = $attributes['sectionStyles'] ?? []; $tree_styles = $attributes['treeStyles'] ?? []; $toc_list_styles = $attributes['tocListStyles'] ?? []; $tree_styles = $attributes['treeStyles'] ?? []; $toc_list_styles = $attributes['tocListStyles'] ?? []; $toc_list_styles = $attributes['tocListStyles'] ?? []; $toc_list_styles = $attributes['tocListStyles'] ?? []; $toc_list_styles = $attributes['tocListStyles'] ?? []; $toc_list_styles = $attributes['tocListStyles'] ?? []; $toc_list_styles = $attributes['tocListStyles