CVE-2023-2836: Changeset 2917582 – WordPress Plugin Repository
The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Timestamp:
05/26/2023 06:16:44 AM (5 days ago)
CRMPerks
Message:
releasing 1.1.2
Location:
crm-perks-forms/trunk
Files:
- crm-perks-forms.php (2 diffs)
- includes/admin-pages.php (2 diffs)
- readme.txt (2 diffs)
- templates/sidebar.php (2 diffs)
- templates/step1.php (1 diff)
crm-perks-forms/trunk/crm-perks-forms.php
r2892528
r2917582
1
1
<?php
2
2
/\*\*
3
\* Plugin Name: CRM Perks Forms
3
\* Plugin Name: CRM Perks Forms Pro
4
4
\* Description: Create beautiful contact forms , popups with floating buttons.
5
\* Version: 1.1.1
5
\* Version: 1.1.2
6
6
\* Requires at least: 3.8
7
7
\* Tested up to: 6.2
…
…
12
12
13
13
class cfx\_form {
14
public static $version='1.1.1';
14
public static $version='1.1.2';
15
15
public static $page='cfx-form';
16
16
public static $id='cfx\_form';
crm-perks-forms/trunk/includes/admin-pages.php
r2122985
r2917582
107
107
$title='CRM Perks Forms';
108
108
109
$form\_id=cfx\_form::post('form\_id');
109
$form\_id=(int)cfx\_form::post('form\_id');
110
110
$form=array();
111
111
if( !empty($form\_id)){
112
112
$form = cfx\_form::get\_form($form\_id);
113
113
$title='# '.$form\_id.' '.$form\['name'\];
114
}
114
}
115
115
?>
116
116
<div id="crm-panel" class="wrap">
…
…
119
119
<div id="crm-panel-top" class="wp-ui-primary">
120
120
<div id="menu\_button" class="fa fa-bars"></div>
121
<div class="logo"> <span class="fa fa-dashboard"></span> <span id="cfx\_title"><?php echo $title; ?></span> </div>
121
<div class="logo"> <span class="fa fa-dashboard"></span> <span id="cfx\_title"><?php echo esc\_html($title); ?></span> </div>
122
122
<div style="clear: both"></div>
123
123
</div>
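Review bot: `$form['name']` on line 113 is still read without checking that `get_form()` returned a form for the cast id, so an unknown but non-zero `form_id` leaves the title depending on whatever `get_form()` yields for a miss (an undefined-index notice if that is an empty array or `false`); `get_form()` is not visible in the hunk, so this is inferred. The readme pins `Requires PHP: 5.3`, so the guard has to avoid `??`: `$title='# '.$form_id.' '.(isset($form['name']) ? $form['name'] : '');`. The `(int)` cast on line 109 together with `esc_html($title)` on line 121 covers the escaping of this value, so nothing further is needed on the output side. The enclosing function starts before line 107 and is outside the hunk.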
crm-perks-forms/trunk/readme.txt
r2892528
r2917582
4
4
Requires at least: 3.8
5
5
Tested up to: 6.2
6
Stable tag: 1.1.1
7
Version: 1.1.1
6
Stable tag: 1.1.2
7
Version: 1.1.2
8
8
Requires PHP: 5.3
9
9
License: GPLv3
…
…
225
225
\== Changelog ==
226
226
227
\= 1.1.2 =
228
\* fixed xss issue.
229
227
230
\= 1.1.1 =
228
231
\* removed vulnerable sample file.
crm-perks-forms/trunk/templates/sidebar.php
r1926593
r2917582
15
15
$tab\_link=$link.'&form\_id='.$form\_id;
16
16
if(!empty($i)){ $tab\_link.='&tab='.$i; }
17
echo '<li><a href="'.$tab\_link.'" class="'.$class.' '.$i.' steps\_button" id="'.$i.'"><span class="fa fa-'.$v\['icon'\].'"></span> '.$v\['label'\].'</a></li>';
17
echo '<li><a href="'.esc\_url($tab\_link).'" class="'.esc\_attr($class).' '.esc\_attr($i).' steps\_button" id="'.esc\_attr($i).'"><span class="fa fa-'.esc\_attr($v\['icon'\]).'"></span> '.esc\_attr($v\['label'\]).'</a></li>';
18
18
}
19
19
?>
…
…
24
24
$tab\_link=$link;
25
25
if(!empty($i)){ $tab\_link.='&tab='.$i; }
26
echo '<li><a href="'.$tab\_link.'" class="'.$class.'"><span class="fa fa-'.$v\['icon'\].'"></span> '.$v\['label'\].'</a></li>';
26
echo '<li><a href="'.esc\_url($tab\_link).'" class="'.esc\_attr($class).'"><span class="fa fa-'.esc\_attr($v\['icon'\]).'"></span> '.esc\_attr($v\['label'\]).'</a></li>';
27
27
}
28
28
?>
29
<li><a class="<?php if($tab == "export"){echo 'wp-ui-active wp-ui-highlight';} ?>" href="<?php echo $link?>&tab=export"><span class="fa fa-hand-o-right"></span> Import/Export</a></li>
29
<li><a class="<?php if($tab == "export"){echo 'wp-ui-active wp-ui-highlight';} ?>" href="<?php echo esc\_url($link)?>&tab=export"><span class="fa fa-hand-o-right"></span> Import/Export</a></li>
30
30
<?php
31
31
32
32
} ?>
33
<li><a href="<?php echo $link."&tab=new\_form"?>"><span class="fa fa-plus-circle"></span> Add New Form</a></li>
33
<li><a href="<?php echo esc\_url($link."&tab=new\_form");?>"><span class="fa fa-plus-circle"></span> Add New Form</a></li>
34
34
</ul>
35
35
</div> <!--END WP-PANEL-SIDEBAR-->
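Review bot: On line 29 `esc_url()` is applied to `$link` alone and `&tab=export` is concatenated onto the already-escaped output, while line 33 escapes the whole assembled URL; the two should be written the same way, and escaping the final string is the form that survives later edits to the query string: `href="<?php echo esc_url($link . '&tab=export'); ?>"`. Lines 17 and 26 already append the `&tab=` suffix before `esc_url()`, so line 29 is the only one that differs. Separately, `$tab == "export"` on line 29 is a loose comparison; `$tab === 'export'` matches the strict comparisons used by the escaping helpers around it. The `foreach` loops enclosing lines 15–18 and 24–27 start outside the hunk.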
crm-perks-forms/trunk/templates/step1.php
r2793858
r2917582
8
8
<div class="crm-panel-field">
9
9
<label class="crm\_text\_label">Form Name</label>
10
<input type="text" name="form\_name" id="cfx\_form\_name" class="text" value="<?php echo $form\['name'\]; ?>" required="required">
11
<h3 class="crm-panel-description">use <code> \[crmperks-forms id=<?php echo $form\_id; ?>\] </code> as a shortcode to place it in a post or a page.</h3>
10
<input type="text" name="form\_name" id="cfx\_form\_name" class="text" value="<?php echo esc\_html($form\['name'\]); ?>" required="required">
11
<h3 class="crm-panel-description">use <code> \[crmperks-forms id=<?php echo esc\_html($form\_id); ?>\] </code> as a shortcode to place it in a post or a page.</h3>
12
12
</div>
13
13
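Review bot: Line 10 escapes an attribute value with `esc_html()`; WordPress's per-context function for an attribute is `esc_attr()`, so `value="<?php echo esc_attr($form['name']); ?>"` states the context the value lands in, even though both helpers encode quotes and the output is protected either way. On line 11 `$form_id` is used as a numeric shortcode id, so `(int) $form_id` (or `absint()`) pins the type instead of HTML-escaping it: `id=<?php echo (int) $form_id; ?>`. Where `$form` and `$form_id` are populated is outside this hunk, so whether `$form['name']` is always set cannot be confirmed from here.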