Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-1822: Changeset 2727947 for zephyr-project-manager – WordPress Plugin Repository

The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE
#xss#web#wordpress#php#auth

zephyr-project-manager/trunk/readme.txt

r2727937

r2727947

3

3

Contributors: dylanjkotze

4

4

Plugin URI: https://zephyr-one.com

5

Donate link: https://zephyr-one.com

5

Donate link: https://www.paypal.com/donate/?cmd=_donations&[email protected]&item_name=Zephyr+Project+Manager+Donation&currency_code=USD&source=url

6

6

Tags: project manager, task manager, project, projects, task, tasks, files, discussions, collaboration, pm, zephyr, modern project, management, orginization, zpm

7

7

Requires at least: 3.2

152

152

153

153

== Changelog ==

154

= 3.2.41 =

155

* Tested with WP 6.0

156

* Fixed security issue

154

157

155

158

= 3.2.31 =

zephyr-project-manager/trunk/templates/help.php

r2185267

r2727947

80

80

                    <div class="zpm-grid-item zpm-grid-item-3">

81

81

                        <a href="https://www.patreon.com/dylanjkotze" target="\_blank" class="zpm-material-card zpm-material-card-colored zpm-card-color-darker-blue">

82

                            <h4 class="zpm-card-header"><?php \_e( 'Donate and Support Me', 'zephyr-project-manager' ); ?></h4>

83

                            <p class="zpm-card\_\_description"><?php \_e( 'If you like the plugin and would like to support me to continue adding great new features and improvements, please consider supporting me on Patreon. It would truly mean so much to me!', 'zephyr-project-manager' ); ?></p>

82

                            <h4 class="zpm-card-header"><?php \_e( 'Donate and Supporting the Plugin', 'zephyr-project-manager' ); ?></h4>

83

                            <p class="zpm-card\_\_description"><?php \_e( 'If you like the plugin and would like to support it to continue adding great new features and improvements, please consider supporting me on Patreon or via PayPal. It would truly mean so much to me!', 'zephyr-project-manager' ); ?></p>

84

84

                        </a>

85

85

                    </div>

92

92

                </div>

93

93

            </div>

94

94

<!–

95

95

            <h1 class="zpm\_page\_title"><?php \_e( 'More Zephyr Plugins', 'zephyr-project-manager' ); ?></h1>

96

96

            <div class="zpm-grid-container">

105

105

            </div>

106

106

107

107

             -->

108

108

109

109

            <!-- Display Patreon Notice -->

110

110

            <?php if ( !Utillities::notice\_is\_dismissed( 'zpm-patreon-notice' ) ) : ?>

111

111

                <div id="zpm-whats-new" class="zpm-panel zpm-panel-12" data-notice="'zpm-patreon-notice'">

112

                    <h4 class="zpm\_panel\_title"><?php \_e( 'Support me on Patreon', 'zephyr-project-manager' ); ?></h4>

113

                    <p><?php \_e( 'If you like the plugin and what I do and would like to help me improve the plugin more, please consider supporting me on Patreon. This would help a lot in being able to work on the plugin full-time and focus more on it to make it better and add new features. Thank you so much.', 'zephyr-project-manager' ); ?></p>

112

                    <h4 class="zpm\_panel\_title"><?php \_e( 'Support the plugin on Patreon', 'zephyr-project-manager' ); ?></h4>

113

                    <p><?php \_e( 'If you like the plugin and would like to help improve the plugin further, please consider supporting me on Patreon. This would help a lot in being able to work on the plugin full-time and focus more on it to make it better and add new features. Thank you so much.', 'zephyr-project-manager' ); ?></p>

114

114

                    <div class="zpm-notice-buttons">

115

115

116

116

                        <button class="zpm-dismiss-notice-button zpm\_button" data-notice-version="zpm-patreon-notice"><?php \_e( 'Dismiss Notice', 'zephyr-project-manager' ); ?></button>

117

                        <a href="https://www.paypal.com/donate/?cmd=\_donations&[email protected]&item\_name=Zephyr+Project+Manager+Donation&currency\_code=USD&source=url" target="\_blank" class="zpm-patreon-button zpm\_button"><?php \_e( 'PayPal Donation', 'zephyr-project-manager' ); ?></a>

117

118

                        <a href="https://www.patreon.com/dylanjkotze" target="\_blank" class="zpm-patreon-button zpm\_button"><?php \_e( 'Support me on Patreon', 'zephyr-project-manager' ); ?></a>

118

119

                    </div>

zephyr-project-manager/trunk/templates/parts/new_task.php

r2713222

r2727947

59

59

            </div>

60

60

        <?php else : ?>

61

            <input type="hidden" id="zpm\_new\_task\_project" value="<?php echo $\_GET\['project'\] ?>"/>

61

            <input type="hidden" id="zpm\_new\_task\_project" value="<?\= esc\_attr($\_GET\['project'\]) ?>"/>

62

62

        <?php endif; ?>

63

63

zephyr-project-manager/trunk/templates/parts/project-single.php

r2713383

r2727947

20

20

21

21

$manager = ZephyrProjectManager();

22

$project = Projects::get\_project( $\_GET\['project'\] );

22

$projectId = isset($\_GET\['project'\]) ? esc\_attr($\_GET\['project'\]) : '';

23

$project = Projects::get\_project($projectId);

23

24

$base\_url =  esc\_url(admin\_url('/admin.php?page=zephyr\_project\_manager\_projects'));

24

25

$BaseController = new BaseController;

zephyr-project-manager/trunk/templates/parts/task-edit-modal.php

r2185267

r2727947

60

60

            </div>

61

61

        <?php else : ?>

62

            <input type="hidden" id="zpm\_edit\_task\_project" value="<?php echo $\_GET\['project'\] ?>"/>

62

            <input type="hidden" id="zpm\_edit\_task\_project" value="<?\= esc\_attr($\_GET\['project'\]) ?>"/>

63

63

        <?php endif; ?>

64

64

zephyr-project-manager/trunk/templates/parts/task-single.php

r2714375

r2727947

22

22

$this\_task = ($Tasks->get\_task($task\_id) !== null) ? $Tasks->get\_task($task\_id) : '';

23

23

$projects = Projects::get\_projects();

24

24

25

if (!is\_object($this\_task)) {

25

26

    ?>

33

34

        <div class="zpm-notice"><?php \_e( 'Sorry, you do not have access to this task.', 'zephyr-project-manager' ); ?></div>

34

35

    <?php

35

    return;

36

    exit();

36

37

}

37

38

zephyr-project-manager/trunk/zephyr-project-manager.php

r2714375

r2727947

7

7

* Description: A modern project manager for WordPress to keep track of all your projects from within WordPress.

8

8

* Plugin URI: https://zephyr-one.com

9

* Version: 3.2.40

9

* Version: 3.2.41

10

10

* Author: Dylan James

11

11

* License: GPLv2 or later

Related news

CVE-2022-2433: Vulnerability Advisories - Wordfence

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.

CVE-2022-2939: Vulnerability Advisories - Wordfence

The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the ~/cerber-load.php file. In vulnerable versions, the plugin only blocks requests if the value supplied is numeric, making it possible for attackers to supply additional non-numeric characters to bypass the protection. The non-numeric characters are stripped and the user requested is displayed. This can be used by unauthenticated attackers to gather information about users that can targeted in further attacks.

CVE-2022-2517: Vulnerability Advisories - Wordfence

The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Caption - On Hover' value associated with images in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2022-2541: Vulnerability Advisories - Wordfence

The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is called via the doAjax() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2022-2540: Vulnerability Advisories - Wordfence

The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the admin_page function found in the ~/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2022-2516: Vulnerability Advisories - Wordfence

The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2022-2935: Vulnerability Advisories - Wordfence

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.

CVE-2022-2430: Vulnerability Advisories - Wordfence

The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Block' feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2022-2542: Vulnerability Advisories - Wordfence

The uContext for Clickbank plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is called via the doAjax() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2022-2716: Vulnerability Advisories - Wordfence

The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Editor' block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2022-3026: Vulnerability Advisories - Wordfence

The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

CVE-2022-2518: Vulnerability Advisories - Wordfence

The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockist_settings_main() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2022-2434: Vulnerability Advisories - Wordfence

The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.

CVE-2022-2936: Vulnerability Advisories - Wordfence

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.

CVE-2022-2695: Vulnerability Advisories - Wordfence

The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor and the ability to upload media files to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2022-2001: Vulnerability Advisories - Wordfence

The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the dxss_admin_page() function found in the ~/dx-share-selection.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link.

CVE-2022-2224: Vulnerability Advisories - Wordfence

The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeed_duplicate_feed. This make it possible for unauthenticated attackers to duplicate existing posts or pages granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2022-2444: Vulnerability Advisories - Wordfence

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.

CVE-2022-1565: Vulnerability Advisories - Wordfence

The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.

CVE-2022-1750: Vulnerability Advisories - Wordfence

The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin level capabilities and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue mostly affects sites where unfiltered_html has been disabled for administrators and on multi-site installations where unfiltered_html is disabled for administrators.

CVE-2022-1749: Vulnerability Advisories - Wordfence

The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.

CVE-2022-0209: Vulnerability Advisories - Wordfence

The Mitsol Social Post Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.10 due to insufficient input sanitization and output escaping on the application id parameters. This makes it possible for authenticated (admin+) attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html is disabled.

CVE-2022-1900: Vulnerability Advisories - Wordfence

The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2022-0210: Vulnerability Advisories - Wordfence

The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the ~/include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

CVE-2021-42367: Vulnerability Advisories - Wordfence

The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability.

CVE-2021-42362: Vulnerability Advisories - Wordfence

The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.

CVE-2021-39348: Vulnerability Advisories - Wordfence

The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is seperate from CVE-2021-24702.

CVE-2021-34627: Vulnerability Advisories - Wordfence

A vulnerability in the getSelectedMimeTypesByRole function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to view custom extensions added by administrators. This issue affects versions 2.2.3 and prior.

CVE-2021-34626: Vulnerability Advisories - Wordfence

A vulnerability in the deleteCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to delete custom extensions added by administrators. This issue affects versions 2.2.3 and prior.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907