From 7891b2ec8df42d6d83f5aaf0e30c9ddc4b3d1b2c Mon Sep 17 00:00:00 2001
From: Josh
Date: Mon, 15 Sep 2025 09:59:11 +0100
Subject: [PATCH 1/4] update wordpress plugin for CVE-2025-58806
---
 bugsnag.php | 12 ++++++++++++
 views/settings.php | 3 ++-
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/bugsnag.php b/bugsnag.php
index f5489ce..2c09ec3 100644
--- a/bugsnag.php
+++ b/bugsnag.php
@@ -280,6 +280,11 @@ public function pluginActionLinksFilter($links, $file)
 public function testBugsnag()
 {
+ // Verify nonce for CSRF protection
+ if (!wp_verify_nonce($_POST['_wpnonce'], 'test_bugsnag_nonce')) {
+ wp_die('Security check failed.');
+ }
+
 $this->apiKey = $_POST['bugsnag_api_key'];
 $this->notifySeverities = $_POST['bugsnag_notify_severities'];
 $this->filterFields = $_POST['bugsnag_filterfields'];
@@ -300,6 +305,13 @@ public function testBugsnag()
 // Renderers
 public function renderSettings()
 {
+ if (!empty($_POST['action']) && $_POST['action'] == 'update') {
+ // Verify nonce for CSRF protection
+ if (!wp_verify_nonce($_POST['_wpnonce'], 'update-options')) {
+ wp_die('Security check failed. Please try again.');
+ }
+ }
+
 if (!empty($_POST['action']) && $_POST['action'] == 'update') {
 $this->updateNetworkSettings($_POST);
 }
diff --git a/views/settings.php b/views/settings.php
index 49bba55..8888404 100644
--- a/views/settings.php
+++ b/views/settings.php
@@ -108,7 +108,8 @@
 action: 'test_bugsnag',
 bugsnag_api_key: $('#bugsnag_api_key').val(),
 bugsnag_notify_severities: $('#bugsnag_notify_severities').val(),
- bugsnag_filterfields: $('#bugsnag_filterfields').val()
+ bugsnag_filterfields: $('#bugsnag_filterfields').val(),
+ _wpnonce: ''
 };
 // since 2.8 ajaxurl is always defined in the admin header and points to admin-ajax.php
From 5506d66281de18994cc80ee26aadb8f12aabbb09 Mon Sep 17 00:00:00 2001
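Review bot: The nonce is read as `$_POST['_wpnonce']` with no isset guard, so a request that omits the field raises an undefined-array-key warning before wp_verify_nonce rejects it; the renderSettings hunk in this same patch reads it the same way. Since testBugsnag handles the `test_bugsnag` AJAX action posted from views/settings.php, `check_ajax_referer('test_bugsnag_nonce');` covers the missing-key case and dies on failure in one line. A nonce only shows the request originated from a page the user loaded; it is not an authorization check, so if this action is registered for any logged-in user it should also be paired with `current_user_can('manage_options')` — how the hook is registered is not visible in this hunk. The remainder of testBugsnag's body lies outside the hunk.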
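Review bot: The nonce action `'update-options'` in renderSettings has to match what the settings form emits; if views/settings.php renders the form with wp_nonce_field('update-options') this is correct, but a form built with settings_fields() emits `<group>-options` and every save would then stop at 'Security check failed' — the form markup is not part of this patch, so this is worth confirming. The three-line check could be reduced to `check_admin_referer('update-options');` inside the `update` branch, which also handles a missing `_wpnonce` key. The `$_POST['action'] == 'update'` comparison is loose; `===` is the safer form for a string flag.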
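Review bot: `_wpnonce: ''` sends an empty nonce, so wp_verify_nonce('', 'test_bugsnag_nonce') in testBugsnag returns false and the test button will always answer 'Security check failed.' unless the value is filled in elsewhere — nothing in this patch series does so. The view is a PHP file, so the nonce can be generated where the request payload is built: `_wpnonce: '<?php echo esc_js(wp_create_nonce('test_bugsnag_nonce')); ?>'`. The action string must match the one passed to wp_verify_nonce in testBugsnag exactly.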
From: Josh
Date: Mon, 15 Sep 2025 13:23:32 +0100
Subject: [PATCH 2/4] bump version and changelog
---
 CHANGELOG.md | 4 ++++
 bugsnag.php | 4 ++--
 readme.txt | 6 +++---
 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 66d9ca3..3f8a8b6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,10 @@
 Changelog
 =========
+## v1.7.0 (2025-09-15)
+
+* Fix CVE-2025-58806
+
 ## v1.6.3 (2023-07-13)
 * Fix PHP 8.2 deprecation notice
diff --git a/bugsnag.php b/bugsnag.php
index 2c09ec3..e489b7b 100644
--- a/bugsnag.php
+++ b/bugsnag.php
@@ -3,7 +3,7 @@
 Plugin Name: Bugsnag Error Monitoring
 Plugin URI: https://bugsnag.com
 Description: Bugsnag monitors for errors and crashes on your wordpress site, sends them to your bugsnag.com dashboard, and notifies you by email of each error.
-Version: 1.6.3
+Version: 1.7.0
 Author: Bugsnag Inc.
 Author URI: https://bugsnag.com
 License: GPLv2 or later
@@ -17,7 +17,7 @@ class Bugsnag_Wordpress
 private static $NOTIFIER = array(
 'name' => 'Bugsnag Wordpress (Official)',
- 'version' => '1.6.3',
+ 'version' => '1.7.0',
 'url' => 'https://github.com/bugsnag/bugsnag-wordpress',
 );
diff --git a/readme.txt b/readme.txt
index 8de36b4..a171c91 100644
--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: loopj
 Tags: bugsnag, error, monitoring, exception, logging
 Requires at least: 2.0
-Tested up to: 6.3
-Stable tag: 1.6.3
+Tested up to: 6.8.2
+Stable tag: 1.7.0
 License: GPLv2 or later
 Bugsnag is a WordPress plugin that automatically detects errors & crashes on your WordPress site, and notifies you by email, chat or issues system
@@ -38,7 +38,7 @@ To manually install Bugsnag:
 == Changelog ==
-= 1.6.3 =
+= 1.7.0 =
 * Fix PHP 8.2 deprecation notice
 = 1.6.2 =
From 4678f0450f05915d7a1ae149ffc16731f9402e71 Mon Sep 17 00:00:00 2001
From: Josh
Date: Mon, 15 Sep 2025 13:35:38 +0100
Subject: [PATCH 3/4] update changelog with pr link
---
 CHANGELOG.md | 4 ++--
 bugsnag.php | 4 ++--
 readme.txt | 7 +++++--
 3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3f8a8b6..d20aa3e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,9 +1,9 @@
 Changelog
 =========
-## v1.7.0 (2025-09-15)
+## v1.6.4 (2025-09-15)
-* Fix CVE-2025-58806
+* Patch CVE-2025-58806 [#66](https://github.com/bugsnag/bugsnag-wordpress/pull/66)
 ## v1.6.3 (2023-07-13)
diff --git a/bugsnag.php b/bugsnag.php
index e489b7b..f527b01 100644
--- a/bugsnag.php
+++ b/bugsnag.php
@@ -3,7 +3,7 @@
 Plugin Name: Bugsnag Error Monitoring
 Plugin URI: https://bugsnag.com
 Description: Bugsnag monitors for errors and crashes on your wordpress site, sends them to your bugsnag.com dashboard, and notifies you by email of each error.
-Version: 1.7.0
+Version: 1.6.4
 Author: Bugsnag Inc.
 Author URI: https://bugsnag.com
 License: GPLv2 or later
@@ -17,7 +17,7 @@ class Bugsnag_Wordpress
 private static $NOTIFIER = array(
 'name' => 'Bugsnag Wordpress (Official)',
- 'version' => '1.7.0',
+ 'version' => '1.6.4',
 'url' => 'https://github.com/bugsnag/bugsnag-wordpress',
 );
diff --git a/readme.txt b/readme.txt
index a171c91..f9e34fa 100644
--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: loopj
 Tags: bugsnag, error, monitoring, exception, logging
 Requires at least: 2.0
 Tested up to: 6.8.2
-Stable tag: 1.7.0
+Stable tag: 1.6.4
 License: GPLv2 or later
 Bugsnag is a WordPress plugin that automatically detects errors & crashes on your WordPress site, and notifies you by email, chat or issues system
@@ -38,7 +38,10 @@ To manually install Bugsnag:
 == Changelog ==
-= 1.7.0 =
+= 1.6.4 =
+* Patch CVE-2025-58806
+
+= 1.6.3 =
 * Fix PHP 8.2 deprecation notice
 = 1.6.2 =
From 02b2560da7216b4d288c30d81cf04a5c2ff096a9 Mon Sep 17 00:00:00 2001
From: Josh <46817760+joshedney@users.noreply.github.com>
Date: Mon, 15 Sep 2025 13:51:54 +0100
Subject: [PATCH 4/4] Apply suggestion from @tomlongridge
Co-authored-by: Tom Longridge
---
 bugsnag.php | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/bugsnag.php b/bugsnag.php
index f527b01..f8c28e1 100644
--- a/bugsnag.php
+++ b/bugsnag.php
@@ -310,9 +310,6 @@ public function renderSettings()
 if (!wp_verify_nonce($_POST['_wpnonce'], 'update-options')) {
 wp_die('Security check failed. Please try again.');
 }
- }
-
- if (!empty($_POST['action']) && $_POST['action'] == 'update') {
 $this->updateNetworkSettings($_POST);
 }