Headline
CVE-2023-0942: html-admin-setting-screen.php in woocommerce-for-japan/trunk/includes/admin/views – WordPress Plugin Repository
The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
```php
<?php
global $woocommerce;
// 'tab' comes straight from the query string. wc_clean() strips tags and
// trims whitespace but leaves quote characters intact, and the value is
// never checked against the set of known tab names below.
$tab = wc_clean($_GET['tab']);
if(isset($tab)){
    $section = 'jp4wc_'.$tab;
}else{
    $section = 'jp4wc_setting';
    $tab = 'setting';
}
$title = array(
    'setting'   => __( 'General Setting', 'woocommerce-for-japan' ),
    'shipment'  => __( 'Shipment Setting', 'woocommerce-for-japan' ),
    'payment'   => __( 'Payment Setting', 'woocommerce-for-japan' ),
    'law'       => __( 'Notation based on Specified Commercial Transaction Law', 'woocommerce-for-japan' ),
    'affiliate' => __( 'Affiliate Setting', 'woocommerce-for-japan' ),
);
$title = apply_filters( 'wc4jp_admin_setting_title', $title );
if(!isset($title[$tab]))$title[$tab]=__('The URL for this page is incorrect.', 'woocommerce-for-japan');
?>
<div class="wrap">
    <h2><?php echo $title[$tab];?></h2>
    <div class="jp4wc-settings metabox-holder">
        <div class="jp4wc-sidebar">
            <div class="jp4wc-credits">
                <h3 class="hndle"><?php echo __( 'Japanized for WooCommerce', 'woocommerce-for-japan' ) . ' ' . JP4WC_VERSION;?></h3>
                <div class="inside">
                    <?php $this->jp4wc_plugin->jp4wc_pro_notice('https://wc4jp-pro.work/');?>
                    <hr />
                    <?php $this->jp4wc_plugin->jp4wc_update_notice();?>
                    <hr />
                    <?php $this->jp4wc_plugin->jp4wc_community_info();?>
                    <?php if ( ! get_option( 'wc4jp_admin_footer_text_rated' ) ) :?>
                    <hr />
                    <h4 class="inner"><?php echo __( 'Do you like this plugin?', 'woocommerce-for-japan' );?></h4>
                    <p class="inner"><a href="https://wordpress.org/support/plugin/woocommerce-for-japan/reviews/#postform" target="_blank" title="' . __( 'Rate it 5', 'woocommerce-for-japan' ) . '"><?php echo __( 'Rate it 5', 'woocommerce-for-japan' )?> </a><?php echo __( 'on WordPress.org', 'woocommerce-for-japan' ); ?><br />
                    </p>
                    <?php endif;?>
                    <hr />
                    <?php $this->jp4wc_plugin->jp4wc_author_info(JP4WC_URL_PATH);?>
                </div>
            </div>
        </div>
        <form id="jp4wc-setting-form" method="post" action="">
            <div id="main-sortables" class="meta-box-sortables ui-sortable">
                <?php
                //Display Setting Screen
                settings_fields( $section );
                $this->jp4wc_plugin->do_settings_sections( $section );
                ?>
                <p class="submit">
                    <?php
                    submit_button( '', 'primary', 'save_'.$section, false );
                    ?>
                </p>
            </div>
        </form>
        <div class="clear"></div>
    </div>
    <script type="text/javascript">
    //<![CDATA[
    jQuery(document).ready( function ($) {
        // close postboxes that should be closed
        $('if-js-closed').removeClass('if-js-closed').addClass('closed');
        // postboxes setup
        // Reflection point: $section (built from the unvalidated 'tab' value) is
        // echoed into a JavaScript string literal without esc_js() or any other
        // context-aware escaping, so a quote in the parameter ends the literal.
        postboxes.add_postbox_toggles('<?php echo $section; ?>');
    });
    //]]>
    </script>
</div>
```
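A hardened form of the same view, written as an added example for this page rather than taken from the plugin's actual patch; it assumes only the standard WordPress helpers (sanitize_key, wp_unslash, esc_html, esc_js, __, apply_filters) that are loaded inside wp-admin. It closes the flaw in two independent ways: the request value is validated against the list of known tab keys, and every echo is escaped for the context it lands in.

```php
<?php
// Added example, not the plugin's own code. Assumes the WordPress helpers
// used below are available, as they are on any wp-admin page.

// 1. Fixed allow-list: the request may only select one of these keys.
$title = array(
    'setting'   => __( 'General Setting', 'woocommerce-for-japan' ),
    'shipment'  => __( 'Shipment Setting', 'woocommerce-for-japan' ),
    'payment'   => __( 'Payment Setting', 'woocommerce-for-japan' ),
    'law'       => __( 'Notation based on Specified Commercial Transaction Law', 'woocommerce-for-japan' ),
    'affiliate' => __( 'Affiliate Setting', 'woocommerce-for-japan' ),
);
$title = apply_filters( 'wc4jp_admin_setting_title', $title );

// 2. Normalise, then reject anything that is not a known key. sanitize_key()
//    reduces the value to [a-z0-9_-], so quotes, angle brackets and slashes
//    can never reach an output context; unknown keys fall back to 'setting'.
$requested = isset( $_GET['tab'] ) ? sanitize_key( wp_unslash( $_GET['tab'] ) ) : 'setting';
$tab       = array_key_exists( $requested, $title ) ? $requested : 'setting';
$section   = 'jp4wc_' . $tab;
?>
<div class="wrap">
    <!-- 3. Escape for the HTML context even though $tab is now allow-listed;
            a filter on wc4jp_admin_setting_title could still add odd titles. -->
    <h2><?php echo esc_html( $title[ $tab ] ); ?></h2>

    <!-- sidebar and settings form unchanged from the original view -->
    <form id="jp4wc-setting-form" method="post" action="">
        <?php
        settings_fields( $section );
        $this->jp4wc_plugin->do_settings_sections( $section );
        submit_button( '', 'primary', 'save_' . $section, false );
        ?>
    </form>

    <script type="text/javascript">
    jQuery(document).ready( function ($) {
        // 4. Escape for the JavaScript string context: esc_js() encodes quotes,
        //    backslashes and closing tags, so the literal cannot be terminated early.
        postboxes.add_postbox_toggles('<?php echo esc_js( $section ); ?>');
    });
    </script>
</div>
```

The allow-list alone would have stopped this report, but the escaping is what keeps the template safe if a later change reintroduces a free-form value.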
Related news
WordPress plugins Watu Quiz versions 3.3.9 and below, GN Publisher versions 1.5.5 and below, and Japanized For WooCommerce versions 2.5.4 and below suffer from cross site scripting vulnerabilities.