CVE-2023-5073: iframe-forms.php in iframe-forms/trunk – WordPress Plugin Repository

The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘iframe’ shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE · Tags: #xss #web #wordpress #php #auth

Last change on this file was 1393107, checked in by , 8 years ago

Adding first version of my plugin

File size: 1.8 KB

Source of `iframe-forms.php` as checked in (the vulnerable 1.0 code; explanatory comments have been added, behaviour is unchanged):

```php
<?php
/*
Plugin Name: iframe forms
Description: [iframe src="http://example.com" width="100%" height="500"] shortcode
Version: 1.0
License: GPLv3
*/

function iframe_unqprfx_embed_shortcode( $atts ) {
    $defaults = array(
            'src' => 'http://example.com',
            'width' => '100%',
            'height' => '500',
            'scrolling' => 'yes',
            'class' => 'iframe-class',
            'frameborder' => '0'
    );

    foreach ( $defaults as $default => $value ) { // add defaults
            if ( ! @array_key_exists( $default, $atts ) ) { // mute warning with "@" when no params at all
                    $atts[$default] = $value;
            }
    }

    $html = "\n".'<!-- iframe forms plugin v.1.0 -->'."\n";
    $html .= '<iframe';
    foreach( $atts as $attr => $value ) {
            // Denylist of four attribute names only; every other attribute the
            // shortcode author supplies is written into the <iframe> tag.
            if ( strtolower($attr) != 'height_like' AND strtolower($attr) != 'onload'
                    AND strtolower($attr) != 'onpageshow' AND strtolower($attr) != 'onclick') { // remove some attributes
                    if ( $value != '' ) { // adding all attributes
                            // esc_attr() only encodes HTML special characters; it neither
                            // restricts the attribute name nor validates the URL scheme of src.
                            $html .= ' ' . esc_attr( $attr ) . '="' . esc_attr( $value ) . '"';
                    } else { // adding empty attributes
                            $html .= ' ' . esc_attr( $attr );
                    }
            }
            if ( strtolower($attr) == 'src' ) { // remove some attributes
                    //if needed in the future
            }
    }
    $html .= ' >Loading...</iframe>'."\n";

    if ( isset( $atts["height_like"] ) ) {
            // height_like and class are interpolated into JavaScript string literals in an
            // inline <script>; esc_attr() is an HTML-attribute escaper, WordPress provides
            // esc_js() for the JavaScript string context.
            $html .= '
                    <script>
                    document.addEventListener("DOMContentLoaded", function(){
                            var target_element, iframe_element;
                            iframe_element = document.querySelector("iframe.' . esc_attr( $atts["class"] ) . '");
                            target_element = document.querySelector("' . esc_attr( $atts["height_like"] ) . '");
                            iframe_element.style.height = target_element.offsetHeight + "px";
                    });
                    </script>
            ';
    }

    return $html;
}
add_shortcode( 'iframe', 'iframe_unqprfx_embed_shortcode' );
```
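A hardened rewrite of the shortcode handler, added here as an example and not code from the plugin or its author: attributes are allowlisted with shortcode_atts() instead of denylisted, src is restricted to http(s) through esc_url(), and width, height, scrolling and class are validated before the (still escaped) tag is built. The function name is an assumption, and the height_like inline-script feature is deliberately left out.

```php
<?php
// Added example (not the plugin's own fix). Function name is assumed.

function iframe_hardened_embed_shortcode( $atts ) {
    // shortcode_atts() casts '' (no parameters) to an array and drops every
    // attribute not in this allowlist, so no caller-chosen attribute name
    // (event handlers included) ever reaches the output.
    $atts = shortcode_atts( array(
        'src'       => '',
        'width'     => '100%',
        'height'    => '500',
        'scrolling' => 'yes',
        'class'     => 'iframe-class',
    ), $atts, 'iframe' );

    // Only http(s) URLs may be embedded: esc_url() with an explicit protocol
    // list returns '' for any other scheme, and for an empty src.
    $src = esc_url( $atts['src'], array( 'http', 'https' ) );
    if ( '' === $src ) {
        return ''; // refuse to render rather than emit an iframe with an unsafe or empty src
    }

    // Dimensions: up to five digits, optionally followed by '%'; else fallback.
    $dim = function ( $value, $fallback ) {
        return preg_match( '/^\d{1,5}%?$/', (string) $value ) ? $value : $fallback;
    };
    $width  = $dim( $atts['width'], '100%' );
    $height = $dim( $atts['height'], '500' );

    // scrolling is a closed set of keywords; class is reduced to a valid HTML class token.
    $scrolling = in_array( $atts['scrolling'], array( 'yes', 'no', 'auto' ), true )
        ? $atts['scrolling'] : 'auto';
    $class = sanitize_html_class( $atts['class'], 'iframe-class' );

    // Validation above bounds what each value can be; escaping at output is kept anyway.
    return sprintf(
        '<iframe src="%s" width="%s" height="%s" scrolling="%s" class="%s" frameborder="0">Loading...</iframe>',
        $src,
        esc_attr( $width ),
        esc_attr( $height ),
        esc_attr( $scrolling ),
        esc_attr( $class )
    );
}
add_shortcode( 'iframe', 'iframe_hardened_embed_shortcode' );
```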
