Check nonce while profile image and cover image crop

wpdev10 · wpdev10 · commit e4f52085e164 · 2026-01-20T19:00:35.000+05:30
diff --git a/includes/class-profile.php b/includes/class-profile.php
@@ -1509,8 +1509,17 @@ public function add_uwp_plupload_param( $params ) {
 	 * @return      void
 	 */
 	public function ajax_avatar_banner_upload() {
-		// Image upload handler
-		// todo: security checks
+
+        if ( ! isset( $_POST['security'] ) || ! wp_verify_nonce( $_POST['security'], 'uwp_avatar_banner_upload_nonce' ) ) {
+            $result['error'] = aui()->alert( array(
+                'type'    => 'danger',
+                'content' => __( "Security check failed.", "userswp" )
+            ) );
+            $return          = json_encode( $result );
+            echo $return; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+            die();
+        }
+
 		$type   = strip_tags( esc_sql( $_POST['uwp_popup_type'] ) );
 		$result = array();
 
@@ -1764,6 +1773,8 @@ public function crop_submit_form( $type = 'avatar' ) {
 
 		$content_wrap = $design_style == 'bootstrap' ? '.uwp-profile-image-change-modal .modal-content' : '#uwp-popup-modal-wrap';
 		$bg_color = apply_filters('uwp_crop_image_bg_color', '', $type);
+
+        $ajax_nonce = wp_create_nonce( 'uwp_avatar_banner_upload_nonce' );
 		?>
 
         <script type="text/javascript">
@@ -1805,6 +1816,8 @@ public function crop_submit_form( $type = 'avatar' ) {
                         // our AJAX identifier
                         fd.append('action', 'uwp_avatar_banner_upload');
                         fd.append('uwp_popup_type', '<?php echo esc_attr( $type ); ?>');
+                        // Add nonce for security
+                        fd.append('security', '<?php echo esc_js( $ajax_nonce ); ?>');
 
                         $("#progressBar").show().removeClass('d-none');
 
@@ -1853,7 +1866,8 @@ public function crop_submit_form( $type = 'avatar' ) {
                                         minSize: [uwp_full_width, uwp_full_height]
                                     });
                                 }
-                            }
+                            },
+
                         });
                     });
 
diff --git a/readme.txt b/readme.txt
@@ -152,8 +152,9 @@ Yes, you can customize it with Elementor, but also with Gutenberg, Divi, Beaver
 
 == Changelog ==
 
-= 1.2.54 - 2026-TBD =
+= 1.2.54 - 2026-01-TBD =
 * Max entries per csv file option in Import/Export setting not showing options - FIXED
+* Check nonce while profile image and cover image crop - FIXED/SECURITY
 
 = 1.2.53 - 2026-01-08 =
 * Prevent duplicate event handlers in registration form switcher causing multiple AJAX requests - FIXED
