CVE-2023-5308: inline-button.php in podcast-subscribe-buttons/tags/1.4.8/template-parts – WordPress Plugin Repository

The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘podcast_subscribe’ shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE
#xss #web #wordpress #php #auth

Last change on this file was 2953663, checked in by , 2 months ago

update podverse icon

File size: 3.4 KB

```php
<?php
/**
* @package slt
*/
?>


<?php
    $secondline_psb_subscribe_entries = $atts[ SECONDLINE_PSB_PREFIX . 'repeat_subscribe' ];

    if(!empty($secondline_psb_subscribe_entries)) {
            echo '<div class="secondline-psb-subscribe-inline">';
            foreach ( (array) $secondline_psb_subscribe_entries as $key => $entry ) {

                    $secondline_psb_link = $secondline_psb_platform_slt = '';

                    if ( isset( $entry['secondline_psb_subscribe_platform'] ) ) {
                            $secondline_psb_platform_slt = esc_html( $entry['secondline_psb_subscribe_platform'] );
                            $secondline_psb_platform_text = str_replace("-", " ", $secondline_psb_platform_slt);
                    }
                    if ( isset( $entry['secondline_psb_subscribe_url'] ) ) {
                            $secondline_psb_link = esc_html( $entry['secondline_psb_subscribe_url'] );
                    }
                    if ( isset( $entry['secondline_psb_custom_link_label'] ) ) {
                            $custom_label_secondline = esc_html( $entry['secondline_psb_custom_link_label'] );
                    } else {
                            $custom_label_secondline = $secondline_psb_link;
                    }
                    if(($secondline_psb_link != '') && ($secondline_psb_platform_slt != '') && ($secondline_psb_platform_slt != 'custom') ) {
                            echo '<span class="secondline-psb-subscribe-'.esc_attr($secondline_psb_platform_slt).'"><a onMouseOver="this.style.color=`'. esc_attr($atts[ SECONDLINE_PSB_PREFIX . 'text_color_hover']) .'`; this.style.backgroundColor=`'. esc_attr($atts[ SECONDLINE_PSB_PREFIX . 'background_color_hover']) .'`" onMouseOut="this.style.color=`'. esc_attr($atts[ SECONDLINE_PSB_PREFIX . 'text_color']) .'`; this.style.backgroundColor=`'. esc_attr($atts[ SECONDLINE_PSB_PREFIX . 'background_color']) .'`" style="color:'. esc_attr($atts[ SECONDLINE_PSB_PREFIX . 'text_color']) .'; background-color:'. esc_attr($atts[ SECONDLINE_PSB_PREFIX . 'background_color']) .'" class="button podcast-subscribe-button" href="' . esc_url($secondline_psb_link) . '" target="_blank"><img class="secondline-psb-subscribe-img" src="'. SECONDLINE_PSB_SUBSCRIBE_ELEMENTS_URL .'assets/img/icons/' . esc_attr($secondline_psb_platform_slt) . secondline_psb_icon_extension( $secondline_psb_platform_slt ) .'" alt="' . esc_attr($secondline_psb_platform_text) . '" />' . esc_html($secondline_psb_platform_text) . '</a></span>';
                    } elseif(($secondline_psb_link != '') && ($secondline_psb_platform_slt == 'custom') ) {
                            echo '<span class="secondline-psb-subscribe-'.esc_attr($secondline_psb_platform_slt).'"><a onMouseOver="this.style.color=`'. esc_attr($atts[ SECONDLINE_PSB_PREFIX . 'text_color_hover']) .'`; this.style.backgroundColor=`'. esc_attr($atts[ SECONDLINE_PSB_PREFIX . 'background_color_hover']) .'`" onMouseOut="this.style.color=`'. esc_attr($atts[ SECONDLINE_PSB_PREFIX . 'text_color']) .'`; this.style.backgroundColor=`'. esc_attr($atts[ SECONDLINE_PSB_PREFIX . 'background_color']) .'`" style="color:'. esc_attr($atts[ SECONDLINE_PSB_PREFIX . 'text_color']) .'; background-color:'. esc_attr($atts[ SECONDLINE_PSB_PREFIX . 'background_color']) .'" class="button podcast-subscribe-button" href="' . esc_url($secondline_psb_link) . '" target="_blank"><img class="secondline-psb-subscribe-img" src="'. SECONDLINE_PSB_SUBSCRIBE_ELEMENTS_URL .'assets/img/icons/' . esc_attr($secondline_psb_platform_slt) . secondline_psb_icon_extension( $secondline_psb_platform_slt ) .'" alt="' . esc_attr($custom_label_secondline) . '" />' . esc_html($custom_label_secondline) . '</a></span>';
                    }
            }
            echo '</div>'; //
    }
?>
```
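The listing above concatenates shortcode colour attributes into inline onMouseOver/onMouseOut handlers after esc_attr(), which escapes for HTML attribute context only and does not make a value safe inside a JavaScript template literal. As an added example (not the plugin's code and not a patch from any release), the same button rendered with the colours validated as hex values and the hover behaviour moved to CSS; the helper name `secondline_psb_render_button_safe()`, the `--psb-hover-*` custom properties and the `rel="noopener"` attribute are assumptions, and a companion `.podcast-subscribe-button:hover` rule reading those properties is assumed to be enqueued elsewhere.

```php
<?php
/**
 * Added example, not the plugin's code: render one subscribe button with the
 * shortcode colour attributes validated as hex colours and applied through CSS
 * custom properties instead of inline onMouseOver/onMouseOut JavaScript, where
 * esc_attr() (HTML attribute escaping) does not neutralise template-literal syntax.
 * Helper name, the --psb-hover-* properties and rel="noopener" are assumptions.
 */
function secondline_psb_render_button_safe( array $atts, array $entry ) {
    // Validate every colour attribute with WordPress core's sanitize_hex_color():
    // it returns the colour, '' when empty, or null when not a #rgb / #rrggbb value.
    $colors = array();
    foreach ( array( 'text_color', 'background_color', 'text_color_hover', 'background_color_hover' ) as $name ) {
        $raw             = isset( $atts[ SECONDLINE_PSB_PREFIX . $name ] ) ? $atts[ SECONDLINE_PSB_PREFIX . $name ] : '';
        $valid           = sanitize_hex_color( $raw );
        $colors[ $name ] = $valid ? $valid : 'inherit';
    }

    // The platform slug becomes a class suffix and an icon file name: limit it to [a-z0-9_-].
    $platform = isset( $entry['secondline_psb_subscribe_platform'] ) ? sanitize_key( $entry['secondline_psb_subscribe_platform'] ) : '';
    // esc_url() returns '' for URLs with a disallowed scheme, which also drops the button.
    $link = isset( $entry['secondline_psb_subscribe_url'] ) ? esc_url( $entry['secondline_psb_subscribe_url'] ) : '';
    if ( '' === $platform || '' === $link ) {
        return '';
    }

    $label = ( 'custom' === $platform && ! empty( $entry['secondline_psb_custom_link_label'] ) )
        ? $entry['secondline_psb_custom_link_label']
        : str_replace( '-', ' ', $platform );

    // Hover colours travel as CSS custom properties; an enqueued stylesheet applies
    // them with a .podcast-subscribe-button:hover rule, so no inline JS is emitted.
    $style = sprintf(
        'color:%s;background-color:%s;--psb-hover-color:%s;--psb-hover-bg:%s',
        $colors['text_color'], $colors['background_color'],
        $colors['text_color_hover'], $colors['background_color_hover']
    );
    $icon = SECONDLINE_PSB_SUBSCRIBE_ELEMENTS_URL . 'assets/img/icons/' . $platform
        . secondline_psb_icon_extension( $platform );
    return sprintf(
        '<span class="secondline-psb-subscribe-%1$s"><a class="button podcast-subscribe-button" style="%2$s" href="%3$s" target="_blank" rel="noopener"><img class="secondline-psb-subscribe-img" src="%4$s" alt="%5$s" />%6$s</a></span>',
        esc_attr( $platform ),
        esc_attr( $style ),
        $link,
        esc_url( $icon ),
        esc_attr( $label ),
        esc_html( $label )
    );
}
```

Because every colour is either a validated hex value or the literal `inherit`, nothing attacker-controlled reaches a script context, and the remaining sinks (class, style, href, src, alt, text) each get the escaping function for their own context.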

