CVE-2023-3166: Changeset 2923581 for lana-email-logger – WordPress Plugin Repository
The Lana Email Logger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, Lana Email Logger due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Timestamp:
06/08/2023 05:44:10 PM (5 weeks ago)
lanacodes
Message:
Version update
Location:
lana-email-logger/trunk
Files:
- assets/css/lana-email-logger-admin.css (1 diff)
- includes/class-lana-email-logger-logs-list-table.php (5 diffs)
- lana-email-logger.php (4 diffs)
- readme.txt (5 diffs)
lana-email-logger/trunk/assets/css/lana-email-logger-admin.css
r2642710
r2923581
8
8
body.admin\_page\_lana-email-view #poststuff #post-body-content pre {
9
9
font-family: inherit;
10
overflow: auto;
10
11
}
11
12
lana-email-logger/trunk/includes/class-lana-email-logger-logs-list-table.php
r2642710
r2923581
86
86
\*/
87
87
public function column\_cb( $item ) {
88
return sprintf( '<input type="checkbox" name="lana\_email\_logger\_log\[\]" value="%s" />', $item->id );
88
return sprintf( '<input type="checkbox" name="lana\_email\_logger\_log\[\]" value="%s" />', esc\_attr( $item->id ) );
89
89
}
90
90
…
…
100
100
$log\_view\_url = esc\_url( admin\_url( 'admin.php?page=lana-email-view.php&id=' . $item->id ) );
101
101
102
return sprintf( '<a href="%s">#%s – %s</a>', $log\_view\_url, $item->id, $item->subject );
102
return sprintf( '<a href="%s">#%s – %s</a>', $log\_view\_url, esc\_html( $item->id ), esc\_html( $item->subject ) );
103
103
}
104
104
…
…
121
121
$user\_edit\_url = esc\_url( admin\_url( 'user-edit.php?user\_id=' . $user->ID ) );
122
122
123
return sprintf( '<a href="%s">%s – %s</a>', $user\_edit\_url, $user->user\_login, $user->user\_email );
123
return sprintf( '<a href="%s">%s – %s</a>', $user\_edit\_url, esc\_html( $user->user\_login ), esc\_html( $user->user\_email ) );
124
124
}
125
125
…
…
132
132
\*/
133
133
public function column\_email\_to( $item ) {
134
return $item->email\_to;
134
return esc\_html( $item->email\_to );
135
135
}
136
136
…
…
150
150
$date\_content = sprintf( \_\_( '%s ago', 'lana-email-logger' ), human\_time\_diff( strtotime( $item->date ), current\_time( 'timestamp' ) ) );
151
151
152
return sprintf( '<time title="%s">%s</time>', $date\_title, $date\_content );
152
return sprintf( '<time title="%s">%s</time>', esc\_attr( $date\_title ), esc\_html( $date\_content ) );
153
153
}
154
154
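Review bot: The id columns are still formatted with `%s` and then escaped (`esc_attr( $item->id )` at new line 88 and `esc_html( $item->id )` at new line 102), which is correct but leaves the value's type open; if `id` is the integer primary key, as the `id=` query argument built on line 100 suggests, `%d` with a cast states that contract directly and removes the need to escape it at all, e.g. `return sprintf( '<input type="checkbox" name="lana_email_logger_log[]" value="%d" />', (int) $item->id );`. The `esc_html( $item->subject )` at new line 102 is the change that actually closes CVE-2023-3166: output escaping also covers log rows written before this release, which the new `sanitize_text_field()` call on the write path cannot reach. `column_cb()` is complete within its hunk; the methods containing lines 100–102, 121–123 and 150–152 start outside their hunks.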
lana-email-logger/trunk/lana-email-logger.php
r2740125
r2923581
2
2
/\*\*
3
3
\* Plugin Name: Lana Email Logger
4
\* Plugin URI: http://lana.codes/lana-product/lana-email-logger/
4
\* Plugin URI: https://lana.codes/product/lana-email-logger/
5
5
\* Description: Logs all emails sent by WordPress.
6
\* Version: 1.0.2
6
\* Version: 1.1.0
7
7
\* Author: Lana Codes
8
\* Author URI: http://lana.codes/
8
\* Author URI: https://lana.codes/
9
9
\* Text Domain: lana-email-logger
10
10
\* Domain Path: /languages
…
…
12
12
13
13
defined( 'ABSPATH' ) or die();
14
define( 'LANA\_EMAIL\_LOGGER\_VERSION', '1.0.2' );
14
define( 'LANA\_EMAIL\_LOGGER\_VERSION', '1.1.0' );
15
15
define( 'LANA\_EMAIL\_LOGGER\_DIR\_URL', plugin\_dir\_url( \_\_FILE\_\_ ) );
16
16
define( 'LANA\_EMAIL\_LOGGER\_DIR\_PATH', plugin\_dir\_path( \_\_FILE\_\_ ) );
…
…
450
450
451
451
<hr/>
452
<a href="<?php echo esc\_url( 'http://lana.codes/' ); ?>" target="\_blank">
452
<a href="<?php echo esc\_url( 'https://lana.codes/' ); ?>" target="\_blank">
453
453
<img src="<?php echo esc\_url( LANA\_EMAIL\_LOGGER\_DIR\_URL . '/assets/img/plugin-header.png' ); ?>"
454
454
alt="<?php esc\_attr\_e( 'Lana Codes', 'lana-email-logger' ); ?>"/>
…
…
607
607
global $wpdb;
608
608
609
$email\_to = $mail\['to'\];
610
$subject = $mail\['subject'\];
609
$email\_to = sanitize\_email( $mail\['to'\] );
610
$subject = sanitize\_text\_field( $mail\['subject'\] );
611
611
$message = wp\_strip\_all\_tags( $mail\['message'\] );
612
612
$headers = $mail\['headers'\];
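Review bot: `sanitize_email()` on `$mail['to']` at new line 609 assumes a single bare address, but if this is the `wp_mail` filter payload the value may be an array of recipients, a comma-separated list, or the `Name <address>` form, all of which that sanitizer would strip down to an invalid or truncated value — and an array would reach its internal string functions. Because the list table now escapes `email_to` with `esc_html()` at render time, the stored value does not need to be reduced to a single address; normalizing to a string and applying `sanitize_text_field()` keeps the recipient record intact for later review. `$mail['headers']` on the last line of the hunk is still stored unchanged, so any view that prints it must escape at output the same way. The enclosing function starts and ends outside the hunk.

```php
// … unchanged: global $wpdb; …
$to = $mail['to'];
if ( is_array( $to ) ) {
	$to = implode( ', ', $to );
}
$email_to = sanitize_text_field( $to );
$subject  = sanitize_text_field( $mail['subject'] );
// … unchanged: $message and $headers assignments …
```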
lana-email-logger/trunk/readme.txt
r2740125
r2923581
1
1
\=== Lana Email Logger ===
2
2
Contributors: lanacodes
3
Donate link: https://www.paypal.com/donate/?hosted\_button\_id=F34PNECNYHSA4
3
4
Tags: email, wp mail, send email, log email, logger
4
5
Requires at least: 4.0
5
Tested up to: 6.0
6
Stable tag: 1.0.2
6
Tested up to: 6.2
7
Stable tag: 1.1.0
7
8
Requires PHP: 5.3
8
9
License: GPLv2 or later
…
…
16
17
17
18
\= Lana Codes =
18
\[Lana Email Logger\](http://lana.codes/lana-product/lana-email-logger/)
19
\[Lana Email Logger\](https://lana.codes/product/lana-email-logger/)
19
20
20
21
\== Installation ==
…
…
38
39
39
40
\= Lana Codes =
40
\[Support\](http://lana.codes/contact/)
41
\[Support\](https://lana.codes/contact/)
41
42
42
43
\= WordPress Forum =
…
…
49
50
50
51
\== Changelog ==
52
53
\= 1.1.0 =
54
\* security (CVE-2023-3166): fixed stored XSS vulnerability (thanks to Alex Thomas)
55
\* bugfix email view message overflow
51
56
52
57
\= 1.0.2 =
…
…
61
66
\== Upgrade Notice ==
62
67
68
\= 1.1.0 =
69
This version fixes a security vulnerability. Upgrade recommended.
70
63
71
\= 1.0.2 =
64
72
This version fixes settings link.