
CVE-2021-39318: h5p-css-editor.php in h5p-css-editor/tags/1.0 – WordPress Plugin Repository

The H5P CSS Editor WordPress plugin, in versions up to and including 1.0, is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter in the ~/h5p-css-editor.php file, which allows attackers to inject arbitrary web scripts.


```php
<?php
/*
Plugin Name: H5P CSS Editor
Plugin URI: 
Description: This plugin allow you to change the style of your H5P editor to match the style of your site.
Author: Ian Howatson
Version: 1.0
Text Domain: h5p-css-editor
Author URI: 
Date: 02/03/2017

Copyright 2017 Ian Howatson (email : [email protected])

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License, version 2, as 
published by the Free Software Foundation.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
function h5p_css_editor(&$styles, $libraries, $mode) {
  if ($mode === 'editor') {
    $styles[] = (object) array(
      'path' => plugins_url() . '/h5p-css-editor/h5p-css-editor.css',
      'version' => '?ver=0.1'
    );
  }
}
add_action('h5p_alter_library_styles', 'h5p_css_editor', 10, 3);
add_action('admin_menu', 'h5p_css_editor_submenu');
function h5p_css_editor_submenu() {
  add_menu_page('H5P CSS Editor', 'H5P CSS Editor', 'manage_options', 'hp5-css-editor', 'h5p_css_editor_callback');
  //add_submenu_page( 'h5p', 'H5P CSS Editor', 'H5P CSS Editor', 'manage_options', 'custompage', 'h5p_css_editor_callback');
}
function h5p_css_editor_callback() {
  // The h5p-css-file POST value is written to the stylesheet as received:
  // no nonce check and no sanitization.
  if(isset($_POST['h5p-css-file'])) file_put_contents(plugin_dir_path(__FILE__).'h5p-css-editor.css', $_POST['h5p-css-file']); 
  // The file contents are then echoed into the textarea below without escaping.
  $css_file = file_get_contents(plugin_dir_path(__FILE__).'h5p-css-editor.css');
  ?>
  <h2><?php _e('CSS Editor', 'h5p-css-editor'); ?></h2>
  <form enctype="multipart/form-data" method="post" action="#" >
    <table class="table form-table mdocs-settings-table">
      <tr>
        <td>
          <textarea rows="75" cols="100%" name="h5p-css-file"><?php echo $css_file; ?></textarea><br>
          <input style="margin:15px;" type="submit" class="button-primary" value="<?php _e('Save Changes','memphis-documents-library') ?>" />
        </td>
      </tr>
    </table>
  </form>
  <?php
}
?>
```
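One way to harden the callback above, as an added example that is not the plugin's code or its author's fix: it verifies capability and a nonce before writing, and escapes the stored CSS before echoing it into the textarea. The function name `h5p_css_editor_callback_hardened` and the nonce action and field names are assumptions, and the code assumes it runs inside WordPress.

```php
<?php
// Added example, not the plugin author's code. The function name and the
// nonce action/field names are assumptions made for illustration.
function h5p_css_editor_callback_hardened() {
    // The menu page already requires manage_options; re-check at the point of use.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'h5p-css-editor' ) );
    }

    $css_path = plugin_dir_path( __FILE__ ) . 'h5p-css-editor.css';

    if ( isset( $_POST['h5p-css-file'] ) ) {
        // Stops the request unless it carries the nonce issued with the form,
        // so a cross-site POST cannot change the stylesheet.
        check_admin_referer( 'h5p_css_editor_save', 'h5p_css_editor_nonce' );

        // WordPress adds slashes to $_POST values; remove them, then strip
        // any HTML tags so only CSS text reaches the file.
        $css = wp_strip_all_tags( wp_unslash( $_POST['h5p-css-file'] ) );
        file_put_contents( $css_path, $css );
    }

    $css_file = file_exists( $css_path ) ? file_get_contents( $css_path ) : '';
    ?>
    <h2><?php esc_html_e( 'CSS Editor', 'h5p-css-editor' ); ?></h2>
    <form method="post" action="">
        <?php wp_nonce_field( 'h5p_css_editor_save', 'h5p_css_editor_nonce' ); ?>
        <textarea rows="75" cols="100" name="h5p-css-file"><?php
            // esc_textarea() HTML-encodes the content, so it cannot close the
            // textarea element and be parsed as markup.
            echo esc_textarea( $css_file );
        ?></textarea><br>
        <input type="submit" class="button-primary"
               value="<?php esc_attr_e( 'Save Changes', 'h5p-css-editor' ); ?>" />
    </form>
    <?php
}
```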
