Headline
CVE-2023-2735: Changeset 2914493 for groundhogg/trunk/includes/better-meta-compat.php – WordPress Plugin Repository
The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘gh_form’ shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only works with legacy contact forms.
Timestamp:
05/18/2023 09:11:58 PM (31 hours ago)
trainingbusinesspros
Message:
Update to version 2.7.10 from GitHub
File:
- groundhogg/trunk/includes/better-meta-compat.php (1 diff)
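--- a/groundhogg/trunk/includes/better-meta-compat.php
+++ b/groundhogg/trunk/includes/better-meta-compat.php
@@ -87,40 +87,50 @@
 	$data = $contact->get_meta( $field['name'] );
 
-	switch ( $field['type'] ):
-		default:
-		case 'text':
-		case 'custom_email':
-		case 'email':
-		case 'url':
-		case 'tel':
-		case 'radio':
-		case 'textarea':
-			$data = esc_html( $data );
-			break;
-		case 'datetime':
-			$data = date_i18n( get_date_time_format(), strtotime( $data ) );
-			break;
-		case 'time':
-			$data = date_i18n( get_time_format(), strtotime( $data ) );
-			break;
-		case 'date':
-			$data = date_i18n( get_option( 'date_format' ), strtotime( $data ) );
-			break;
-		case 'number':
-			$data = floatval( $data );
-			$data = number_format_i18n( $data, floor( $data ) != $data ? 2 : 0 );
-			break;
-		case 'dropdown':
-		case 'checkboxes':
-			if ( is_array( $data ) ) {
-				$data = esc_html( implode( ', ', $data ) );
-			} else {
+	if ( ! empty( $data ) ){
+		switch ( $field['type'] ):
+			default:
+			case 'text':
+			case 'custom_email':
+			case 'email':
+			case 'url':
+			case 'tel':
+			case 'radio':
+			case 'textarea':
 				$data = esc_html( $data );
-			}
-			break;
-		case 'html':
-			// output with no change as already HTML
-			break;
-	endswitch;
+				break;
+			case 'datetime':
+				$data = date_i18n( get_date_time_format(), strtotime( $data ) );
+				break;
+			case 'time':
+				$data = date_i18n( get_time_format(), strtotime( $data ) );
+				break;
+			case 'date':
+				$data = date_i18n( get_option( 'date_format' ), strtotime( $data ) );
+				break;
+			case 'number':
+				$data = floatval( $data );
+				$data = number_format_i18n( $data, floor( $data ) != $data ? 2 : 0 );
+				break;
+			case 'dropdown':
+			case 'checkboxes':
+				if ( is_array( $data ) ) {
+					$data = esc_html( implode( ', ', $data ) );
+				} else {
+					$data = esc_html( $data );
+				}
+				break;
+			case 'html':
+				// output with no change as already HTML
+				break;
+		endswitch;
+	}
+
+	/**
+	 * Filter the display value of a custom field
+	 *
+	 * @param $data mixed the custom field display value
+	 * @param $contact Contact
+	 */
+	$data = apply_filters( 'groundhogg/display_custom_field', $data, $contact );
 
 	if ( $echo ) {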
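Review bot: The `case 'html':` branch on the new side still hands the stored meta value to output untouched, so the added `! empty( $data )` guard only changes how absent values are treated; whoever can write that contact field controls the markup that is rendered. If the field is meant to carry formatted content, filtering it through WordPress's post-content allow-list, `$data = wp_kses_post( $data );`, in place of the bare comment keeps the intended formatting while dropping scripts and event handlers. Separately, `empty( $data )` is also true for the string `'0'`, so a text or number field holding `0` skips both `esc_html()` and `number_format_i18n()`; a narrower test such as `$data !== '' && $data !== null` avoids that if the aim is only to skip missing values. The enclosing function begins before this hunk and continues after it.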