

CVE-2022-0399: Changeset 2678919 – WordPress Plugin Repository

The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action’s response, leading to a Reflected Cross-Site Scripting (XSS) issue.


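--- a/advanced-product-labels-for-woocommerce/trunk/berocket/assets/popup/br_popup.js
+++ b/advanced-product-labels-for-woocommerce/trunk/berocket/assets/popup/br_popup.js
@@ -347,4 +347,7 @@
 
         element.on('animationend', handleAnimationEnd);
+        setTimeout(function() {
+            element.trigger('animationend');
+        }, 1500);
     };
     this.print = function() {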
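Review bot: The fallback timer added at lines 349–351 is never cleared, and the listener at line 348 is registered with `.on()`, so when the real CSS `animationend` event does arrive `handleAnimationEnd` runs a second time 1.5 s later from the synthetic `trigger()` unless it detaches itself (its body is outside the hunk). If the handler is meant to run once per call, keeping the timer id and using a one-shot listener avoids the double invocation: `var fallback = setTimeout(function() { element.trigger('animationend'); }, 1500);` followed by `element.one('animationend', function(e) { clearTimeout(fallback); handleAnimationEnd(e); });`. The bare `1500` also deserves a comment saying what it guards against, e.g. `// fallback in case the animationend event never fires`. The enclosing function starts above the hunk.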

advanced-product-labels-for-woocommerce/trunk/berocket/framework.php

r2670502

r2678919

36

36

load\_plugin\_textdomain('BeRocket\_domain', false, dirname( plugin\_basename( \_\_FILE\_\_ ) ) . '/languages/');

37

37

class BeRocket\_Framework {

38

    public static $framework\_version = '2.7.5';

39

    public $plugin\_framework\_version = '2.7.5';

38

    public static $framework\_version = '2.7.6';

39

    public $plugin\_framework\_version = '2.7.6';

40

40

    public static $settings\_name = '';

41

41

    public $addons;

advanced-product-labels-for-woocommerce/trunk/berocket/framework_version.php

r2670502

r2678919

1

1

<?php

2

$framework_version_current = '2.7.5’;

2

$framework_version_current = '2.7.6’;

3

3

if( version_compare($framework_version_current, $framework_version, ‘>’) ) {

4

4

$framework\_version = $framework\_version\_current;

advanced-product-labels-for-woocommerce/trunk/includes/better_position.php

r2664533

r2678919

542

542

        if ( current\_user\_can( 'manage\_options' ) ) {

543

543

            foreach( $\_POST\['tax\_color\_set'\] as $key => $value ) {

544

                update\_metadata( 'berocket\_term', $key, $\_POST\['tax\_color\_set\_type'\], $value );

544

                update\_metadata( 'berocket\_term', sanitize\_text\_field($key), sanitize\_text\_field($\_POST\['tax\_color\_set\_type'\]), sanitize\_text\_field($value) );

545

545

            }

546

546

            unset( $\_POST\['tax\_color\_set'\] );

547

547

        }

548

548

    } elseif( defined('DOING\_AJAX') && DOING\_AJAX ) {

549

        echo self::color\_list\_view( $\_POST\['tax\_color\_set\_type'\], $\_POST\['tax\_color\_set\_name'\], true );

549

        echo self::color\_list\_view( sanitize\_text\_field($\_POST\['tax\_color\_set\_type'\]), sanitize\_text\_field($\_POST\['tax\_color\_set\_name'\]), true );

550

550

        wp\_die();

551

551

    }

563

563

    }

564

564

    $html .= '</h3>';

565

    $html .= '<input type="hidden" name="tax\_color\_set\_type" value="' . $type . '">';

566

    $html .= '<input type="hidden" name="tax\_color\_set\_name" value="' . $taxonomy\_name . '">';

565

    $html .= '<input type="hidden" name="tax\_color\_set\_type" value="' . esc\_attr($type) . '">';

566

    $html .= '<input type="hidden" name="tax\_color\_set\_name" value="' . esc\_attr($taxonomy\_name) . '">';

567

567

    $html .= '<table>';

568

568

    if( is\_array($terms) ) {

570

570

            $html .= '<tr>';

571

571

            $meta = get\_metadata('berocket\_term', $term->term\_id, $type);

572

            $meta = br\_get\_value\_from\_array($meta, 0);

573

            $meta = esc\_attr($meta);

572

574

            $html .= '<th>' . $term->name . '</th>';

573

575

            if( $type == 'color' ) {

574

576

                $function = 'br\_color\_picker';

575

577

                $default = 'ffffff';

576

                $html .= '<td>' . $function('tax\_color\_set\[' . $term->term\_id . '\]', br\_get\_value\_from\_array($meta, 0), $default, array('extra' => "data-term\_id='".$term->term\_id."' data-term\_name='".$term->name."'")) . '</td>';

578

                $html .= '<td>' . $function('tax\_color\_set\[' . $term->term\_id . '\]', $meta, $default, array('extra' => "data-term\_id='".$term->term\_id."' data-term\_name='".$term->name."'")) . '</td>';

577

579

            } else {

578

580

                $function = 'br\_fontawesome\_image';

579

581

                $default = '';

580

                $html .= '<td>' . $function('tax\_color\_set\[' . $term->term\_id . '\]', br\_get\_value\_from\_array($meta, 0), array('extra' => "data-term\_id='".$term->term\_id."' data-term\_name='".$term->name."'")) . '</td>';

582

                $html .= '<td>' . $function('tax\_color\_set\[' . $term->term\_id . '\]', $meta, array('extra' => "data-term\_id='".$term->term\_id."' data-term\_name='".$term->name."'")) . '</td>';

581

583

            }

582

584

            $html .= '</tr>';
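Review bot: `$term->name` is still concatenated unescaped into the `<th>` at line 574 and into the single-quoted `data-term_name='…'` attribute at lines 578 and 582, so a term name containing a quote breaks the attribute even after this commit's `esc_attr()` on `$type` and `$taxonomy_name`; use `'<th>' . esc_html($term->name) . '</th>'` and `"data-term_name='" . esc_attr($term->name) . "'"`. At line 544 the request-supplied `tax_color_set_type` is sanitized but not validated before it becomes the meta key passed to `update_metadata()` (and the key read at line 571); since the only branch on it is `$type == 'color'` else fontawesome at line 575, restricting it to the expected type values with `in_array(..., true)` would be tighter than `sanitize_text_field()` alone. The `elseif( defined('DOING_AJAX') && DOING_AJAX )` branch at line 548 shows no capability or nonce check of its own, so if the enclosing `if` (whose condition starts above the hunk) does not already enforce one, the AJAX response is rendered for any caller. The enclosing function and the `foreach` over `$terms` both begin outside the hunks shown.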

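--- a/advanced-product-labels-for-woocommerce/trunk/includes/style_generate.php
+++ b/advanced-product-labels-for-woocommerce/trunk/includes/style_generate.php
@@ -9,5 +9,8 @@
 public function get_labels_ids() {
     $custom_posts_class = BeRocket_products_label::getInstance();
-    return $custom_posts_class->get_labels_ids();
+    $args = apply_filters('berocket_labels_get_args_styles', array(
+        'suppress_filters' => true
+    ));
+    return $custom_posts_class->custom_post->get_custom_posts_frontend( $args );
 }
 function get_styles() {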
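Review bot: The new `'suppress_filters' => true` at line 12 carries no comment explaining why query filters are bypassed here; the readme change in this same changeset attributes the fix to label styles failing with WPML, so a comment such as `// suppress_filters: styles must be loaded for every label regardless of WPML language filtering` would stop the next maintainer from removing it. The method is still named `get_labels_ids()` but now returns whatever `get_custom_posts_frontend( $args )` yields at line 14 instead of the previous `get_labels_ids()` result; if that helper returns post objects rather than IDs, callers of this method need checking — the helper is outside the hunk.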

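--- a/advanced-product-labels-for-woocommerce/trunk/main.php
+++ b/advanced-product-labels-for-woocommerce/trunk/main.php
@@ -492,4 +492,5 @@
     wp_enqueue_style( 'berocket_widget-colorpicker-style' );
     wp_enqueue_style( 'berocket_font_awesome' );
+    do_action('berocket_apl_load_admin_edit_scripts');
 }
 public function product_edit_tab () {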
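Review bot: The new action hook `berocket_apl_load_admin_edit_scripts` at line 494 is introduced without documentation, so add-on authors have nothing to tell them when it fires; a one-line docblock above the call, `/** Fires after the label-edit admin styles have been enqueued. */`, would document the contract the hook now exposes. The enclosing method begins above the hunk.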

advanced-product-labels-for-woocommerce/trunk/readme.txt

r2670502

r2678919

6

6

Requires at least: 5.0

7

7

Tested up to: 5.9

8

Stable tag: 1.2.3.6

8

Stable tag: 1.2.3.7

9

9

License: GPLv2 or later

10

10

License URI: http://www.gnu.org/licenses/gpl-2.0.html

144

144

== Changelog ==

145

145

146

= 1.2.3.7 =

147

* Enhancement - Compatibility version: WooCommerce 6.2

148

* Fix - XSS Vulnerability for admin area

149

* Fix - JavaScript files load on admin pages where not needed

150

* Fix - Label styles do not work on some pages with WPML

151

146

152

= 1.2.3.6 =

147

153

* Fix - XSS Vulnerability

advanced-product-labels-for-woocommerce/trunk/woocommerce-advanced-products-labels.php

r2670502

r2678919

4

4

* Plugin URI: https://berocket.com/product/woocommerce-advanced-product-labels?utm_source=free_plugin&utm_medium=plugins&utm_campaign=products_label

5

5

* Description: Promote your products! Show “Free Shipping” or other special attributes with your products.

6

* Version: 1.2.3.6

6

* Version: 1.2.3.7

7

7

* Author: BeRocket

8

8

* Requires at least: 5.0

10

10

* Text Domain: BeRocket_products_label_domain

11

11

* Domain Path: /languages/

12

* WC tested up to: 6.1

12

* WC tested up to: 6.2

13

13

*/

14

define( "BeRocket_products_label_version", ‘1.2.3.6’ );

14

define( "BeRocket_products_label_version", ‘1.2.3.7’ );

15

15

define( "BeRocket_products_label_file", __FILE__ );

16

16

include_once(‘main.php’);
