Headline
CVE-2023-5071: Changeset 2970788 for sitekit – WordPress Plugin Repository
The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘sitekit_iframe’ shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Timestamp:
09/23/2023 11:43:10 PM (4 weeks ago)
webvitaly
Message:
Ver.1.5;
- remove all iframe attributes starting with "on". Examples: onload, onmouseover, onfocus, onpageshow, onclick
Location:
sitekit
Files:
- tags/1.5
- tags/1.5/.gitattributes
- tags/1.5/.gitignore
- tags/1.5/css
- tags/1.5/css/sitekit.css
- tags/1.5/inc
- tags/1.5/inc/sitekit-functions.php
- tags/1.5/inc/sitekit-settings.php
- tags/1.5/inc/sitekit-shortcode-archives.php
- tags/1.5/inc/sitekit-shortcode-bloginfo.php
- tags/1.5/inc/sitekit-shortcode-categories.php
- tags/1.5/inc/sitekit-shortcode-iframe.php
- tags/1.5/inc/sitekit-shortcode-posts.php
- tags/1.5/inc/sitekit-widget-archives.php
- tags/1.5/inc/sitekit-widget-categories.php
- tags/1.5/inc/sitekit-widget-posts.php
- tags/1.5/inc/sitekit-widget-search.php
- tags/1.5/js
- tags/1.5/js/tinymce.js
- tags/1.5/readme.txt
- tags/1.5/sitekit.php
- tags/1.5/todo.txt
- trunk/inc/sitekit-shortcode-iframe.php (1 diff)
- trunk/readme.txt (2 diffs)
- trunk/sitekit.php (2 diffs)
sitekit/trunk/inc/sitekit-shortcode-iframe.php
r2960330
r2970788
22
22
$value = esc\_url( $value );
23
23
}
24
// remove some attributes
25
if ( strtolower($attr) != 'onload' AND strtolower($attr) != 'onpageshow' AND strtolower($attr) != 'onclick') {
24
// remove all attributes starting with "on". Examples: onload, onmouseover, onfocus, onpageshow, onclick
25
if ( strpos( strtolower( $attr ), 'on' ) !== 0 ) {
26
26
if ( $value != '' ) {
27
27
// adding all attributes
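Review bot: the new condition `if ( strpos( strtolower( $attr ), 'on' ) !== 0 ) {` widens the old three-name denylist (onload, onpageshow, onclick) to a prefix denylist, which is an improvement, but it still passes every attribute name that does not begin with `on` straight through to the iframe markup under `// adding all attributes`. For an element as sensitive as iframe, an allowlist is the safer shape: keep only the attributes the shortcode actually documents (src, width, height, title and the like) and drop anything else, so a future attribute name does not have to be anticipated. The hunk shows one path escaping a value with `$value = esc_url( $value );` but does not show how the remaining attribute values are escaped before they are appended; please confirm they go through `esc_attr()` at that point, since that is not visible here.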
sitekit/trunk/readme.txt
r2960330
r2970788
2
2
Contributors: webvitaly
3
3
Donate link: http://web-profile.net/donate/
4
Tags: widget, widgets, search, archive, archives, category, categories, pages, shortcode, shortcodes, bloginfo
4
Tags: widget, widgets, search, archive, archives, category, categories, pages, shortcode, shortcodes, bloginfo, iframe
5
5
Requires at least: 4.0
6
6
Tested up to: 6.3.1
7
Stable tag: 1.4
7
Stable tag: 1.5
8
8
License: GPLv3
9
9
License URI: http://www.gnu.org/licenses/gpl.html
10
10
11
Widgets: search, archives and categories. Shortcodes: archives, bloginfo and categories.
11
Widgets: search, archives and categories. Shortcodes: archives, bloginfo, iframe and categories.
12
12
13
13
\== Description ==
…
…
108
108
\== Changelog ==
109
109
110
\= 1.5 =
111
\* Removed all iframe attributes starting with "on". Examples: onload, onmouseover, onfocus, onpageshow, onclick.
112
110
113
\= 1.4 =
111
114
\* Sanitize iframe URL.
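Review bot: the 1.5 changelog entry states what was removed but not why it matters. Since this release closes the stored XSS in the iframe shortcode described at the top of this page (CVE-2023-5071), marking it as a security fix would help site owners prioritise the update, for example `* Security fix: removed all iframe attributes starting with "on" (onload, onmouseover, onfocus, onpageshow, onclick, ...)`.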
sitekit/trunk/sitekit.php
r2960330
r2970788
4
4
Plugin URI: https://wordpress.org/plugins/sitekit/
5
5
Description: Widgets: search, archives, categories, pages, posts. Shortcodes: archives, bloginfo, categories, posts.
6
Version: 1.4
6
Version: 1.5
7
7
Author: webvitaly
8
8
Text Domain: sitekit
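Review bot: the plugin header `Description:` line is left unchanged and still lists `Shortcodes: archives, bloginfo, categories, posts.`, while the readme line updated in this same changeset now reads `Shortcodes: archives, bloginfo, iframe and categories.`; the two descriptions should agree. Add iframe to the header description here, and note that the readme list omits pages and posts, which the header includes.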
…
…
15
15
}
16
16
17
define('SITEKIT\_PLUGIN\_VERSION', '1.4');
17
define('SITEKIT\_PLUGIN\_VERSION', '1.5');
18
18
define('SITEKIT\_PLUGIN\_POWERED', "\\n".'<!-- Powered by Sitekit v.'.SITEKIT\_PLUGIN\_VERSION.' https://wordpress.org/plugins/sitekit/ -->'."\\n");
19
19