Sensitive Data Exposure
Introduction
This article covers ways to secure the code from the Sensitive Data Exposure vulnerability on WordPress. Before returning the requested information to the user, ensure to check whether the user has the permission to view the resource.
How to secure Actions
It is necessary to be aware of the data being returned to the user before proceeding with returning the data. For example, if an Ajax hook is implemented to return the post information, it is necessary to check whether the post is publicly accessible for unauthenticated users. For higher privileged users like administrators, any post type can be returned. Apply a manual logic check for all the features that require the retrieval of data.
add_action("wp_ajax_nopriv_view_course", "view_course");
function view_course(){ $course_id = urldecode( $_POST['course_id'] ?? '' );
if ( empty( $course_id ) ) { wp_send_json_error( [ 'message' => 'Invalid Course ID' ] ); }
$course = get_post( $course_id );
if ( ! $course || 'publish' !== get_post_status( $course ) ) { wp_send_json_error( [ 'message' => 'Course not found' ] ); }
wp_send_json_success( [ 'id' => $course->ID, 'title' => $course->post_title, 'content' => $course->post_content, 'excerpt' => $course->post_excerpt, 'url' => get_permalink( $course->ID ), ] );};
In the above example, the strict check for the βpublishβ status of the post prevents malicious users from accessing the sensitive data.
How to secure Logs
If the log file with a predictable filename and publicly accessible directory is used, it can lead to sensitive data exposure. In order to prevent it, there are multiple ways of implementing the log file.
Log filename randomization
One way to fix this is to use a random name for the log file. This way, an attacker wonβt be able to predict or find the log even if itβs in the publicly accessible directory.
function write_sensitive_log($message) { $unique_id = hash('sha256', get_current_user_id() . date('Y-m-d-H')); $log_file = WP_CONTENT_DIR . '/debug-' . $unique_id . '.log'; // Unpredictable file_put_contents($log_file, $message . "\n", FILE_APPEND);}
add_action('init', function() { if (is_user_logged_in()) { $current_user = wp_get_current_user(); $email = $current_user->user_email; write_sensitive_log('User email: ' . $email); }});
Adding an .htaccess file
The use of an .htaccess
file can prevent attackers from publicly accessing the log file.
function write_sensitive_log_secure($message) { $upload_dir = wp_upload_dir(); $log_dir = $upload_dir['basedir'] . '/debug-logs';
if (!file_exists($log_dir)) { wp_mkdir_p($log_dir);
file_put_contents($log_dir . '/.htaccess', "Deny from all\n"); // Prevent read access }
$log_file = $log_dir . '/secure-log.log';
file_put_contents($log_file, $message . "\n", FILE_APPEND | LOCK_EX);}
add_action('init', function() { if (is_user_logged_in()) { $current_user = wp_get_current_user(); $email = $current_user->user_email; write_sensitive_log_secure('User email: ' . $email); }});
Contributors
