
CVE-2023-5062: wordpress_charts_js.php in wp-charts/tags/0.7.0 – WordPress Plugin Repository

The WordPress Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_charts' shortcode in versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping of user-supplied shortcode attributes. As the plugin source below shows, wp_charts_shortcode() concatenates attributes such as title, class, align, width, animation and the scale options directly into HTML attributes and an inline <script> block. This makes it possible for authenticated attackers with contributor-level and above permissions (anyone who can save a post containing the shortcode) to inject arbitrary web scripts into pages, which execute whenever a user visits an injected page.
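If a site ran wp-charts at or below 0.7.0, the question for the responder is whether an injected shortcode is already stored. The following triage script is an added example, not part of the advisory or of the plugin: it scans post bodies for [wp_charts ...] shortcodes and reports attribute values carrying characters that the 0.7.0 handler copies unescaped into HTML attributes or inline JavaScript. parse_shortcode_atts_simple() is a hypothetical, reduced stand-in for WordPress's shortcode_parse_atts(), and the sample rows are constructed; on a real site, feed it the post_content column of a wp_posts export. It runs on PHP 7.4+ without WordPress.

```php
<?php
// Added example, not the plugin's code: triage of stored [wp_charts] shortcodes
// for a site that ran wp-charts <= 0.7.0. Sample rows below are constructed.

/**
 * Minimal stand-in for WordPress's shortcode_parse_atts(): handles
 * key="value", key='value' and key=value. (Hypothetical helper for this script.)
 */
function parse_shortcode_atts_simple(string $text): array
{
    $atts = [];
    $pattern = '/(\w+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s"\'\]]+))/';
    preg_match_all($pattern, $text, $matches, PREG_SET_ORDER);
    foreach ($matches as $m) {
        // Exactly one of the three value groups matched; unmatched trailing
        // groups are absent from the match array, so concatenate with defaults.
        $value = ($m[2] ?? '') . ($m[3] ?? '') . ($m[4] ?? '');
        $atts[strtolower($m[1])] = $value;
    }
    return $atts;
}

/**
 * True if the value can break out of an HTML attribute or the canvas id (quotes,
 * angle brackets), alter the inline script ( ; ( ) { } ), or carries a handler.
 */
function wp_charts_value_is_suspicious(string $value): bool
{
    return preg_match('/["\'<>;(){}]|javascript:|\bon\w+\s*=/i', $value) === 1;
}

/**
 * @param array $posts rows shaped like wp_posts: ['ID' => int, 'post_content' => string]
 * @return array findings: ['post_id' => int, 'att' => string, 'value' => string]
 */
function find_suspicious_wp_charts(array $posts): array
{
    $findings = [];
    foreach ($posts as $post) {
        // WordPress's own shortcode regex also ends an attribute list at ']',
        // so a payload containing ']' would not reach the handler either.
        if (!preg_match_all('/\[wp_charts\b([^\]]*)\]/i', $post['post_content'], $m)) {
            continue;
        }
        foreach ($m[1] as $attText) {
            foreach (parse_shortcode_atts_simple($attText) as $name => $value) {
                if (wp_charts_value_is_suspicious($value)) {
                    $findings[] = ['post_id' => $post['ID'], 'att' => $name, 'value' => $value];
                }
            }
        }
    }
    return $findings;
}

// Constructed sample rows: one benign chart and two injected ones.
$samplePosts = [
    ['ID' => 11, 'post_content' => 'Q1 figures: [wp_charts title="sales" type="bar" data="30,50,100" colors="#69D2E7,#E0E4CC"]'],
    ['ID' => 12, 'post_content' => '[wp_charts title=\'q1" onmouseover="alert(document.cookie)\' type="pie"]'],
    ['ID' => 13, 'post_content' => '[wp_charts title="t" animation="true}; alert(document.domain); var x={a:1" type="line"]'],
];

foreach (find_suspicious_wp_charts($samplePosts) as $f) {
    printf("post %d: attribute %s = %s\n", $f['post_id'], $f['att'], $f['value']);
}
```

On the constructed rows the script flags post 12 (a double quote inside the single-quoted title, which closes the canvas id attribute) and post 13 (braces and parentheses in animation, which close the options object literal), and passes post 11. Legitimate values for this plugin are bare words, numbers, CSS lengths and hex colours, so quotes, angle brackets and JavaScript punctuation are a reliable signal; review each hit rather than deleting automatically, and also check post revisions, which keep older copies of the payload.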


```php
<?php
/*
Plugin Name: WordPress Charts
Plugin URI: http://wordpress.org/plugins/wp-charts/
Description: Create amazing HTML5 charts easily in WordPress. A flexible and lightweight WordPress chart plugin including 6 customizable chart types (line, bar, pie, radar, polar area and doughnut types) as well as a fallback to provide support for older IE. Incorporates the fantastic chart.js script : http://www.chartjs.org/
Version: 0.7.0
Author: OzTheGreat (WPArtisan)
Author URI: https://wpartisan.me
*/

/**
 * Copyright © 2019- WPArtisan. All rights reserved.
 * Copyright © 2013-2018 WebFactory Ltd. All rights reserved.
 * Copyright © 2013 WebFactory Ltd. All rights reserved.
 *
 * Released under the GPLv2 license
 * http://www.gnu.org/licenses/gpl-2.0.html
 *
 * This is an add-on for WordPress
 * http://wordpress.org/
 *
 *
 * **********************************************************************
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * **********************************************************************
 *
 *
 */

define( 'WP_CHARTS_URL', trailingslashit( plugins_url('', __FILE__) ));
define( 'WP_CHARTS_PATH', trailingslashit( plugin_dir_path( __FILE__) ) );
define( 'WP_CHARTS_BASENAME', plugin_basename( __FILE__) );

include WP_CHARTS_PATH.'inc/charts-widget.php';
if ( is_admin() ) {
    include WP_CHARTS_PATH.'inc/admin/admin.php';
}



/**
 * Add IE Fallback for HTML5 and canvas
 * @since Unknown
 */
function wp_charts_html5_support () {
    echo '<!--[if lte IE 8]>';
    echo '<script src="'.plugins_url( '/js/excanvas.compiled.js', __FILE__ ).'"></script>';
    echo '<![endif]-->';
    echo ' <style>
        /*wp_charts_js responsive canvas CSS override*/
        .wp_charts_canvas {
            width:100%!important;
            max-width:100%;
        }

        @media screen and (max-width:480px) {
            div.wp-chart-wrap {
                width:100%!important;
                float: none!important;
                margin-left: auto!important;
                margin-right: auto!important;
                text-align: center;
            }
        }
    </style>';
}

/**
 * Register Script
 *
 * @since Unknown
 */
function wp_charts_load_scripts( $force = false ) {

    if ( ! is_admin() || $force ) {
        // WP Scripts
        wp_enqueue_script( 'jquery' );

        // Register plugin Scripts
        wp_register_script( 'charts-js', WP_CHARTS_URL.'js/Chart.min.js' );
        wp_register_script( 'wp-chart-functions', WP_CHARTS_URL.'/js/functions.js', array( 'jquery' ) ,'', true );

        // Enqueue those suckers
        wp_enqueue_script( 'charts-js' );
        wp_enqueue_script( 'wp-chart-functions' );
    }

}

if ( !function_exists('wp_charts_compare_fill') ) {
    /**
     * Make sure there are the right number of colors in the colour array
     * @since Unknown
     *
     * @param $measure
     * @param $fill
     */
    function wp_charts_compare_fill(&$measure,&$fill) {
        // only if the two arrays don't hold the same number of elements
        if (count($measure) != count($fill)) {
            // handle if $fill is less than $measure
            while (count($fill) < count($measure) ) {
                $fill = array_merge( $fill, array_values($fill) );
            }
            // handle if $fill has more than $measure
            $fill = array_slice($fill, 0, count($measure));
        }
    }
}


if (!function_exists( "wp_charts_hex2rgb" )) {
    /**
     * Color conversion function
     *
     * @since Unknown
     * @param $hex
     * @return string
     */
    function wp_charts_hex2rgb($hex) {
        $hex = str_replace("#", "", $hex);

        if(strlen($hex) == 3) {
            $r = hexdec(substr($hex,0,1).substr($hex,0,1));
            $g = hexdec(substr($hex,1,1).substr($hex,1,1));
            $b = hexdec(substr($hex,2,1).substr($hex,2,1));
        } else {
            $r = hexdec(substr($hex,0,2));
            $g = hexdec(substr($hex,2,2));
            $b = hexdec(substr($hex,4,2));
        }

        $rgb = array($r, $g, $b);
        return implode(",", $rgb); // returns the rgb values separated by commas
    }
}


if (!function_exists('wp_charts_trailing_comma')) {
    /**
     * wp_charts_trailing_comma
     *
     * @param $incrementor
     * @param $count
     * @param $subject
     * @return string
     */
    function wp_charts_trailing_comma($incrementor, $count, &$subject) {
        $stopper = $count - 1;
        if ($incrementor !== $stopper) {
            return $subject .= ',';
        }
    }
}

/**
 * Chart Shortcode 1 - Core Shortcode with all options
 *
 * @param $atts
 * @return string
 */
function wp_charts_shortcode( $atts ) {

    // Default Attributes
    // - - - - - - - - - - - - - - - - - - - - - - -
    // extract() turns every shortcode attribute (contributor-controlled) into a
    // local variable; nothing below validates or escapes them.
    extract( shortcode_atts(
        array(
            'type'             => 'pie',
            'title'            => 'chart',
            'canvaswidth'      => '625',
            'canvasheight'     => '625',
            'width'            => '48%',
            'height'           => 'auto',
            'margin'           => '5px',
            'relativewidth'    => '1',
            'align'            => '',
            'class'            => '',
            'labels'           => '',
            'data'             => '30,50,100',
            'datasets'         => '30,50,100 next 20,90,75',
            'colors'           => '#69D2E7,#E0E4CC,#F38630,#96CE7F,#CEBC17,#CE4264',
            'fillopacity'      => '0.7',
            'pointstrokecolor' => '#FFFFFF',
            'animation'        => 'true',
            'scalefontsize'    => '12',
            'scalefontcolor'   => '#666',
            'scaleoverride'    => 'false',
            'scalesteps'       => 'null',
            'scalestepwidth'   => 'null',
            'scalestartvalue'  => 'null'
        ), $atts )
    );

    // prepare data
    // - - - - - - - - - - - - - - - - - - - - - - -
    // Only spaces are removed from $title; quotes and angle brackets survive.
    $title    = str_replace(' ', '', $title);
    $data     = explode(',', str_replace(' ', '', $data));
    $datasets = explode("next", str_replace(' ', '', $datasets));

    if ( ! $title || ( empty( $data ) && empty( $datasets ) ) ) {
        return '';
    }

    // check that the colors are not an empty string
    if ($colors != "") {
        $colors = explode(',', str_replace(' ','',$colors));
    } else {
        $colors = array('#69D2E7','#E0E4CC','#F38630','#96CE7F','#CEBC17','#CE4264');
    }

    (strpos($type, 'lar') !== false ) ? $type = 'PolarArea' : $type = ucwords($type);

    // output - covers Pie, Doughnut, and PolarArea
    // - - - - - - - - - - - - - - - - - - - - - - -
    // HTML-context injection point of CVE-2023-5062: $align, $class, $width,
    // $height, $margin, $relativewidth, $title, $canvasheight and $canvaswidth
    // are concatenated into attribute values without esc_attr().
    $currentchart = '<div class="'.$align.' '.$class.' wp-chart-wrap" style="max-width: 100%; width:'.$width.'; height:'.$height.';margin:'.$margin.';" data-proportion="'.$relativewidth.'">';
    $currentchart .= '<canvas id="'.$title.'" height="'.$canvasheight.'" width="'.$canvaswidth.'" class="wp_charts_canvas" data-proportion="'.$relativewidth.'"></canvas></div>
    <script type="text/javascript">';

    // output Options
    // Script-context injection point: $title becomes a JavaScript identifier and
    // the option values are pasted into an object literal without esc_js() or
    // wp_json_encode().
    $currentchart .= 'var '.$title.'Ops = {
        animation: '.$animation.',';

    if ($type == 'Line' || $type == 'Radar' || $type == 'Bar' || $type == 'PolarArea') {
        $currentchart .= 'scaleFontSize: '.$scalefontsize.',';
        $currentchart .= 'scaleFontColor: "'.$scalefontcolor.'",';
        $currentchart .= 'scaleOverride:' .$scaleoverride.',';
        $currentchart .= 'scaleSteps:' .$scalesteps.',';
        $currentchart .= 'scaleStepWidth:' .$scalestepwidth.',';
        $currentchart .= 'scaleStartValue:' .$scalestartvalue;
    }

    // end options array
    $currentchart .= '}; ';

    // start the js arrays correctly depending on type
    // $labels, $data, $datasets, $pointstrokecolor and (for pie-type charts)
    // $colors are emitted raw as well; only the Bar/Line/Radar colours pass
    // through wp_charts_hex2rgb(), whose hexdec() calls yield plain numbers.
    if ($type == 'Line' || $type == 'Radar' || $type == 'Bar' ) {

        wp_charts_compare_fill($datasets, $colors);
        $total = count($datasets);

        // output labels
        $currentchart .= 'var '.$title.'Data = {';
        $currentchart .= 'labels : [';
        $labelstrings = explode(',',$labels);
        for ($j = 0; $j < count($labelstrings); $j++ ) {
            $currentchart .= '"'.$labelstrings[$j].'"';
            wp_charts_trailing_comma($j, count($labelstrings), $currentchart);
        }
        $currentchart .= '],';
        $currentchart .= 'datasets : [';
    } else {
        wp_charts_compare_fill($data, $colors);
        $total = count($data);
        $currentchart .= 'var '.$title.'Data = [';
    }

    // create the javascript array of data and attr correctly depending on type
    for ($i = 0; $i < $total; $i++) {

        if ($type === 'Pie' || $type === 'Doughnut' || $type === 'PolarArea') {
            $currentchart .= '{
                value : '. $data[$i] .',
                color : '.'"'. $colors[$i].'"'.'
            }';

        } else if ($type === 'Bar') {
            $currentchart .= '{
                fillColor : "rgba('. wp_charts_hex2rgb( $colors[$i] ) .','.$fillopacity.')",
                strokeColor : "rgba('. wp_charts_hex2rgb( $colors[$i] ) .',1)",
                data : ['.$datasets[$i].']
            }';

        } else if ($type === 'Line' || $type === 'Radar') {
            $currentchart .= '{
                fillColor : "rgba('. wp_charts_hex2rgb( $colors[$i] ) .','.$fillopacity.')",
                strokeColor : "rgba('. wp_charts_hex2rgb( $colors[$i] ) .',1)",
                pointColor : "rgba('. wp_charts_hex2rgb( $colors[$i] ) .',1)",
                pointStrokeColor : "'.$pointstrokecolor.'",
                data : ['.$datasets[$i].']
            }';

        } // end type conditional
        wp_charts_trailing_comma($i, $total, $currentchart);
    }

    // end the js arrays correctly depending on type
    if ($type == 'Line' || $type == 'Radar' || $type == 'Bar') {
        $currentchart .= ']};';
    } else {
        $currentchart .= '];';
    }

    //var wpChart'.$title.$type.' = new Chart(document.getElementById("'.$title.'").getContext("2d")).'.$type.'('.$title.'Data,'.$title.'Ops);

    $currentchart .= '
        window.wp_charts = window.wp_charts || {};
        window.wp_charts["'.$title.'"] = { options: '.$title.'Ops, data: '.$title.'Data, type: "'.$type.'" };

    </script>';

    // return the final result
    // - - - - - - - - - - - - - - - - - - - - - - -
    return $currentchart;
}

/**
 * wp_charts_kickoff
 *
 * @since Unknown
 */
function wp_charts_kickoff() {
    add_action( "wp_enqueue_scripts", "wp_charts_load_scripts" );
    add_action('wp_head', 'wp_charts_html5_support');
    add_shortcode( 'wp_charts', 'wp_charts_shortcode' );
}

add_action('init', 'wp_charts_kickoff');
```
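What a fix has to change is the rendering in wp_charts_shortcode(), where attributes are concatenated into HTML attributes and into an inline script. The block below is an added example, not the plugin's code or its patched release: it reduces that rendering to a few attributes and puts a hardened version beside it. It runs outside WordPress (PHP 7.4+), so htmlspecialchars() and json_encode() stand in for esc_attr() and wp_json_encode(), and the class-name filter mirrors what sanitize_html_class() allows; inside a plugin, use the WordPress helpers. The payloads at the bottom are constructed.

```php
<?php
// Added example, not the plugin's code: the vulnerable rendering pattern of
// wp-charts 0.7.0, reduced to a few attributes, beside a hardened rendering.

const CHART_DEFAULTS = [
    'title'     => 'chart',
    'class'     => '',
    'width'     => '48%',
    'animation' => 'true',
    'data'      => '30,50,100',
    'colors'    => '#69D2E7,#E0E4CC,#F38630',
];

/** Vulnerable pattern, as shipped in 0.7.0: raw string concatenation into every context. */
function render_chart_vulnerable(array $atts): string
{
    $a     = array_merge(CHART_DEFAULTS, $atts);
    $title = str_replace(' ', '', $a['title']);          // only spaces are removed
    $html  = '<div class="' . $a['class'] . ' wp-chart-wrap" style="width:' . $a['width'] . ';">';
    $html .= '<canvas id="' . $title . '" class="wp_charts_canvas"></canvas></div>';
    $html .= '<script>var ' . $title . 'Ops = { animation: ' . $a['animation'] . ' };'
           . ' var ' . $title . 'Data = [{ value : ' . $a['data'] . ', color : "' . $a['colors'] . '" }];</script>';
    return $html;
}

/** Hardened rendering: validate each attribute for its type, then escape it for the context it lands in. */
function render_chart_hardened(array $atts): string
{
    $a = array_merge(CHART_DEFAULTS, $atts);

    // Identifier reused as HTML id and JS variable name: letters, digits, underscore, leading letter.
    $title = preg_replace('/[^A-Za-z0-9_]/', '', (string) $a['title']);
    if (!preg_match('/^[A-Za-z]/', $title)) {
        $title = 'chart';
    }
    // Class list: class-name characters only (what sanitize_html_class() allows).
    $class = preg_replace('/[^A-Za-z0-9 _-]/', '', (string) $a['class']);
    // CSS length: a number with a unit, or 'auto'; anything else falls back to the default.
    $width = preg_match('/^(auto|\d+(\.\d+)?(px|%|em|rem|vw))$/', (string) $a['width']) ? $a['width'] : '48%';
    // Boolean and numeric data are coerced; the raw text never reaches the script.
    $animation = filter_var($a['animation'], FILTER_VALIDATE_BOOLEAN);
    $data      = array_map('floatval', array_filter(explode(',', (string) $a['data']), 'is_numeric'));
    // Colours: strict hex form only; fall back to the defaults if nothing survives.
    $colors = array_values(array_filter(explode(',', (string) $a['colors']), function ($c) {
        return preg_match('/^#[0-9A-Fa-f]{3}([0-9A-Fa-f]{3})?$/', trim($c)) === 1;
    }));
    if ($colors === []) {
        $colors = explode(',', CHART_DEFAULTS['colors']);
    }
    $points = [];
    foreach (array_values($data) as $i => $value) {
        $points[] = ['value' => $value, 'color' => trim($colors[$i % count($colors)])];
    }

    $esc  = function (string $s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }; // stand-in for esc_attr()
    // JSON_HEX_* keeps '<', '>', '&' and quotes out of the script stream, so no string value can close the <script>.
    $json = function ($v) { return json_encode($v, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); };

    $html  = '<div class="' . $esc(trim($class . ' wp-chart-wrap')) . '" style="width:' . $esc($width) . ';">';
    $html .= '<canvas id="' . $esc($title) . '" class="wp_charts_canvas"></canvas></div>';
    // $title is safe as a JS identifier because of the character whitelist above.
    $html .= '<script>var ' . $title . 'Ops = ' . $json(['animation' => $animation]) . ';'
           . ' var ' . $title . 'Data = ' . $json($points) . ';</script>';
    return $html;
}

// Constructed payloads of the kind a contributor could save in a post:
// the first breaks out of the id attribute, the second out of the options object literal.
$payloads = [
    ['title' => 'q1" onmouseover="alert(document.cookie)'],
    ['animation' => 'true}; alert(document.domain); var x={a:1'],
];
foreach ($payloads as $p) {
    echo "vulnerable: ", render_chart_vulnerable($p), PHP_EOL;
    echo "hardened:   ", render_chart_hardened($p), PHP_EOL, PHP_EOL;
}
```

The two payloads show the two contexts: in the vulnerable output the first title lands as `id="q1"onmouseover="alert(document.cookie)"` (spaces are stripped, the quote is not), and the second animation value closes the `Ops` object and runs `alert(document.domain)` as a statement of its own; in the hardened output the title is reduced to `q1onmouseoveralertdocumentcookie` and animation becomes `false`. The design point is that each attribute is validated against the type the chart actually needs (identifier, class list, CSS length, boolean, numbers, hex colours) before anything is escaped, and the JavaScript side is produced by JSON-encoding a PHP structure rather than by pasting strings into an object literal. In a WordPress plugin the same data can also be handed to the page with wp_add_inline_script() or data attributes instead of a hand-built <script>.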
