Ian Dunn: All Plugins - Direct file access to plugin files Vulnerability

2016-09-28T11:55:52
ID H1:172618
Type hackerone
Reporter iamsha4yan
Modified 2016-10-06T17:18:31

Description

Hello

What is direct file access

Direct file access is when someone directly queries your file. This can be done by simply entering the complete path to the file in the URL bar of the browser but can also be done by doing a POST request directly to the file. For files that only contain a PHP class the risk of something funky happening when directly accessed is pretty small. For files that contain procedural code, functions and function calls, the chance of security risks is a lot bigger. In all of your plugins can have a direct access to plugin files.

with this vulnerability can access to some vulnerability example this : #172609.

Fix:

Luckily it’s easy to prevent direct access to your files. In your wp-config.php file the constant ABSPATH is set. By checking if the constant is set at the top of your plugin file you can check if your wp-config.php file was loaded what should mean that WordPress is loaded. If your file is directly accessed this won’t be the case and the script will abort. Adding this code snippet to the top of your files will prevent direct file access to them. if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly Not sure if your files are directly accessible? Be sure to check them! I hope this helped you in making your plugin more secure. Missing something? Found a problem? Got an improvement? Please let me know in the comments below.

Reference :

http://www.barrykooij.com/prevent-direct-file-access-plugin-files/