* Description: Fixes Critical Arbitrary File Upload Vulnerability (RCE) in Energia Theme <= 1.1.2 by overriding the vulnerable function with a secure version.
* Version: 1.1.0
* Author: Security Patch
* Author URI: https://example.com
* License: GPLv2 or later
*/
// Prevent direct access
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
/**
* Override the vulnerable 'energia_get_started' function.
* This works because the theme wraps its definition in `if ( ! function_exists(...) )`.
* Since mu-plugins load before the theme, this secure version will take precedence.
*/
function energia_get_started() {
// SECURITY FIX 1: Capability Check
// Only allow users who can install plugins to access this function.
// This blocks unauthenticated attackers (the main vulnerability) and low-privileged users.
if ( ! current_user_can( 'install_plugins' ) ) {
wp_send_json( [
'stt' => false,
'msg' => esc_html__( 'Permission denied. You are not authorized to perform this action.', 'energia' ),
'data' => [],
] );
die();
}
// SECURITY FIX 2: CSRF Protection (Optional but recommended)
// Note: Since the theme's JS does not send a nonce, enforcing check_ajax_referer() would break the feature.
// However, the Capability Check above effectively mitigates the RCE risk for the vast majority of scenarios.
// If you want to fix CSRF, you would also need to patch the JS file.
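Added example (not the patch author's code): one way to enforce the CSRF check the comment above calls optional without editing the theme's JS file, by emitting the nonce from the mu-plugin and attaching it to the request with a jQuery prefilter, with a version of the override that checks both capability and nonce. It assumes the theme calls admin-ajax.php over jQuery with `action=energia_get_started` and that the admin screen loads jQuery; the action name and the nonce action string `energia_get_started_fix` are assumptions, not taken from the theme.

```php
<?php
/*
 * Added example, not part of the original patch. Assumes (hypothetically) that
 * the theme's JS posts action=energia_get_started through jQuery.ajax().
 */
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

const ENERGIA_FIX_NONCE_ACTION = 'energia_get_started_fix'; // assumed name

// 1. Print a nonce on admin screens and append it to the theme's AJAX request
//    via a jQuery prefilter, so the theme's own JS file stays untouched.
add_action( 'admin_print_footer_scripts', function () {
	if ( ! current_user_can( 'install_plugins' ) ) {
		return; // users who cannot pass the capability check get no nonce
	}
	$nonce = wp_create_nonce( ENERGIA_FIX_NONCE_ACTION );
	?>
	<script>
	jQuery.ajaxPrefilter( function ( options ) {
		// jQuery serialises options.data to a string before prefilters run,
		// so a plain indexOf is enough; FormData requests are left alone.
		if ( typeof options.data === 'string' &&
		     options.data.indexOf( 'action=energia_get_started' ) !== -1 ) {
			options.data += '&_ajax_nonce=' +
				encodeURIComponent( <?php echo wp_json_encode( $nonce ); ?> );
		}
	} );
	</script>
	<?php
} );

// 2. Override the theme function with capability AND nonce verification.
function energia_get_started() {
	if ( ! current_user_can( 'install_plugins' ) ) {
		wp_send_json( [ 'stt' => false, 'msg' => esc_html__( 'Permission denied.', 'energia' ), 'data' => [] ] );
	}
	// $die = false makes check_ajax_referer() return false instead of exiting,
	// so the theme's JS still receives the JSON shape it expects on failure.
	if ( false === check_ajax_referer( ENERGIA_FIX_NONCE_ACTION, '_ajax_nonce', false ) ) {
		wp_send_json( [ 'stt' => false, 'msg' => esc_html__( 'Security check failed. Reload the page and try again.', 'energia' ), 'data' => [] ] );
	}
	// ... the theme's original get-started logic follows here.
}
```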