CVE-2023-4308: Changeset 2952471 for user-submitted-posts – WordPress Plugin Repository

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
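As an added example, not the plugin's code and not part of this changeset: the changeset fixes the problem by deleting the `custom` attribute outright. If per-link attributes were ever wanted back, the safe shape is an allow-list of attribute names with each value escaped individually, never a free-form string spliced into the tag. The function `usp_example_reset_link` and the `esc_*` stand-ins below are assumptions so the file runs under plain `php`; inside WordPress the real helpers would be used.

```php
<?php
// Added illustration, not the plugin's code: build the reset-button link from an
// allow-list of attribute names instead of splicing a free-form "custom" string.
// Stand-ins for the WordPress escaping helpers so this runs under plain `php`;
// inside WordPress the real esc_attr()/esc_html()/esc_url() are used instead.
if (!function_exists('esc_attr')) {
    function esc_attr($s) { return htmlspecialchars((string) $s, ENT_QUOTES | ENT_HTML5, 'UTF-8'); }
}
if (!function_exists('esc_html')) {
    function esc_html($s) { return htmlspecialchars((string) $s, ENT_QUOTES | ENT_HTML5, 'UTF-8'); }
}
if (!function_exists('esc_url')) {
    // Simplified: accept only http(s) URLs and in-page anchors; anything else is dropped.
    function esc_url($u) {
        $u = trim((string) $u);
        return preg_match('~^(https?://|#)~i', $u) ? esc_attr($u) : '';
    }
}

// Hypothetical hardened renderer. $atts is the attribute array as returned by
// shortcode_atts(); only names in $allowed can become HTML attributes on the <a>,
// and each value is escaped for an attribute context. (%%current%% handling omitted.)
function usp_example_reset_link(array $atts) {
    $allowed   = array('id', 'title', 'target', 'rel');
    $attr_html = '';
    foreach ($allowed as $name) {
        if (isset($atts[$name]) && $atts[$name] !== '') {
            // Name is taken from the fixed list, never from the input array's keys.
            $attr_html .= ' ' . $name . '="' . esc_attr($atts[$name]) . '"';
        }
    }
    $class = empty($atts['class']) ? '' : ' class="' . esc_attr($atts['class']) . '"';
    $href  = (isset($atts['url']) && $atts['url'] !== '') ? $atts['url'] : '#please-check-shortcode';
    $value = (isset($atts['value']) && $atts['value'] !== '') ? $atts['value'] : 'Reset form';
    return '<p' . $class . '><a href="' . esc_url($href) . '"' . $attr_html . '>'
         . esc_html($value) . '</a></p>';
}

// Constructed input: the unknown "custom" key is ignored because it is not on the list,
// while the recognised "target" key is emitted with its value escaped.
echo usp_example_reset_link(array(
    'class'  => 'usp-reset',
    'url'    => 'https://example.com/submit/',
    'value'  => 'Reset form',
    'target' => '_blank',
    'custom' => 'rel=nofollow anything-goes',
)), "\n";
```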

Timestamp:

08/11/2023 10:14:44 PM

Author:

specialk

Message:

Updates plugin to version 20230811

Location:

user-submitted-posts

Files:

  • tags/20230811 (copied from user-submitted-posts/trunk)
  • tags/20230811/library/plugin-display.php (1 diff)
  • tags/20230811/library/shortcode-misc.php (3 diffs)
  • tags/20230811/readme.txt (2 diffs)
  • tags/20230811/user-submitted-posts.php (2 diffs)
  • trunk/library/plugin-display.php (1 diff)
  • trunk/library/shortcode-misc.php (3 diffs)
  • trunk/readme.txt (2 diffs)
  • trunk/user-submitted-posts.php (2 diffs)

  • user-submitted-posts/tags/20230811/library/plugin-display.php

    r2944386

    r2952471

739

739

<pre>class  = classes for the parent element (optional, default: none)

740

740

value  = link text (optional, default: "Reset form")

741

 

url    = the URL where your form is displayed (required, default: none)

742

 

custom = any attributes or custom code for the link element (optional, default: none)</pre>

 

741

url    = the URL where your form is displayed (required, default: none)</pre>

743

742

                                <p><?php esc\_html\_e('Note that the url attribute accepts', 'usp'); ?> <code>%%current%%</code> <?php esc\_html\_e('to get the current URL.', 'usp'); ?></p>

744

743

                            </div>
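Review bot: the help text drops the `custom` line but still describes `url` as "(required, default: none)", while shortcode-misc.php in this same changeset falls back to '#please-check-shortcode' when the attribute is missing; consider wording it as "required; a placeholder anchor is emitted if omitted". Existing `[usp_reset_button custom="..."]` usages will now silently lose their attributes, so a one-line remark in this settings panel that the attribute was removed would save support requests.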
  • user-submitted-posts/tags/20230811/library/shortcode-misc.php

    r2951862

    r2952471

9

9

        value  = link text (optional, default: "Reset form")

10

10

        url    = the URL where your form is displayed (can use %%current%% for current URL)

11

 

        custom = any attributes or custom code for the link element

12

11

   

13

12

\*/

…

…

 

15

14

   

16

15

    extract(shortcode\_atts(array(

17

 

        'class'  => '',

18

 

        'value'  => \_\_('Reset form', 'usp'),

19

 

        'url'    => '#please-check-shortcode',

20

 

        'custom' => '',

 

16

        'class' => '',

 

17

        'value' => \_\_('Reset form', 'usp'),

 

18

        'url'   => '#please-check-shortcode',

21

19

    ), $args));

22

20

   
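Review bot: dropping 'custom' from the shortcode_atts() defaults is the right place to cut it off, since shortcode_atts() only passes through keys that appear in the defaults array, so a custom="..." attribute in post content can no longer reach the function body at all. The surrounding extract() call is still worth replacing with explicit `$atts['class']` style access in a follow-up: extract() turns array keys into local variables, and although shortcode_atts() whitelists the keys today, explicit access makes that guarantee visible at the point of use.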

…

…

 

35

33

    $class = empty($class) ? '' : ' class="'. esc\_attr($class) .'"';

36

34

   

37

 

    $output = '<p'. $class .'><a href="'. esc\_url($href) .'"'. esc\_attr($custom) .'\>'. esc\_html($value) .'</a></p>';

 

35

    $output = '<p'. $class .'><a href="'. esc\_url($href) .'"\>'. esc\_html($value) .'</a></p>';

38

36

   

39

37

    return $output;
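Review bot: the removed line spliced esc_attr($custom) into the position where the browser parses attribute names, and esc_attr() only encodes quotes, angle brackets and ampersands for use inside an already-quoted value; it does not constrain attribute names, so it could never make a free-form attribute string safe there. Removing the concatenation is the correct fix; if the feature is wanted back, build the attributes from a fixed allow-list of names with esc_attr() applied to each value. The remaining line still uses $href, which is not defined in the visible lines (its derivation from $url, including the %%current%% substitution, sits in the elided region above), so please confirm that esc_url() is the only step between user input and the href value.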
  • user-submitted-posts/tags/20230811/readme.txt

    r2951862

    r2952471

11

11

Requires at least: 4.6

12

12

Tested up to: 6.3

13

 

Stable tag: 20230809

14

 

Version:    20230809

 

13

Stable tag: 20230811

 

14

Version:    20230811

15

15

Requires PHP: 5.6.20

16

16

Text Domain: usp

…

…

 

819

819

820

820

 

821

\*\*20230811\*\*

 

822

 

823

\* Removes \`$custom\` variable from \`usp\_reset\_button\_shortcode()\`

 

824

\* Tests on WordPress 6.3

 

825

821

826

\*\*20230809\*\*

822

827
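Review bot: the changelog entry "Removes `$custom` variable from `usp_reset_button_shortcode()`" describes the internal change rather than the user-facing effect. Site owners triaging updates need to see that this release removes the `custom` shortcode attribute and closes a stored cross-site scripting issue, so consider rewording along the lines of "Security fix: removes the custom attribute from the reset-button shortcode". The "Tests on WordPress 6.3" line duplicates the unchanged "Tested up to: 6.3" header above it, which is harmless but redundant.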
  • user-submitted-posts/tags/20230811/user-submitted-posts.php

    r2951862

    r2952471

11

11

    Requires at least: 4.6

12

12

    Tested up to: 6.3

13

 

    Stable tag: 20230809

14

 

    Version:    20230809

 

13

    Stable tag: 20230811

 

14

    Version:    20230811

15

15

    Requires PHP: 5.6.20

16

16

    Text Domain: usp

…

…

 

39

39

40

40

if (!defined('USP\_WP\_VERSION')) define('USP\_WP\_VERSION', '4.6');

41

 

if (!defined('USP\_VERSION'))    define('USP\_VERSION', '20230809');

 

41

if (!defined('USP\_VERSION'))    define('USP\_VERSION', '20230811');

42

42

if (!defined('USP\_PLUGIN'))     define('USP\_PLUGIN', esc\_html\_\_('User Submitted Posts', 'usp'));

43

43

if (!defined('USP\_FILE'))       define('USP\_FILE', plugin\_basename(\_\_FILE\_\_));
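Review bot: the USP_VERSION constant, the "Version:" and "Stable tag:" headers, and the readme all move to 20230811, matching the tags/20230811 directory name, so the version bump is consistent everywhere the updater looks; nothing further on this hunk.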
  • user-submitted-posts/trunk/library/plugin-display.php

    r2944386

    r2952471

739

739

<pre>class  = classes for the parent element (optional, default: none)

740

740

value  = link text (optional, default: "Reset form")

741

 

url    = the URL where your form is displayed (required, default: none)

742

 

custom = any attributes or custom code for the link element (optional, default: none)</pre>

 

741

url    = the URL where your form is displayed (required, default: none)</pre>

743

742

                                <p><?php esc\_html\_e('Note that the url attribute accepts', 'usp'); ?> <code>%%current%%</code> <?php esc\_html\_e('to get the current URL.', 'usp'); ?></p>

744

743

                            </div>
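Review bot: the trunk copy of this help-text edit is line for line the same as the tags/20230811 copy, and the `<pre>` block stays well-formed because the closing `</pre>` moved onto the `url` line; nothing further on this hunk.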
  • user-submitted-posts/trunk/library/shortcode-misc.php

    r2951862

    r2952471

9

9

        value  = link text (optional, default: "Reset form")

10

10

        url    = the URL where your form is displayed (can use %%current%% for current URL)

11

 

        custom = any attributes or custom code for the link element

12

11

   

13

12

\*/
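Review bot: with `custom` gone from the docblock, the description of `url` ("can use %%current%% for current URL") is now the only attribute note and no longer hints that a missing `url` produces the '#please-check-shortcode' fallback seen in the defaults below; a short sentence saying so would keep the docblock in step with the code.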

…

…

 

15

14

   

16

15

    extract(shortcode\_atts(array(

17

 

        'class'  => '',

18

 

        'value'  => \_\_('Reset form', 'usp'),

19

 

        'url'    => '#please-check-shortcode',

20

 

        'custom' => '',

 

16

        'class' => '',

 

17

        'value' => \_\_('Reset form', 'usp'),

 

18

        'url'   => '#please-check-shortcode',

21

19

    ), $args));

22

20

   

…

…

 

35

33

    $class = empty($class) ? '' : ' class="'. esc\_attr($class) .'"';

36

34

   

37

 

    $output = '<p'. $class .'><a href="'. esc\_url($href) .'"'. esc\_attr($custom) .'\>'. esc\_html($value) .'</a></p>';

 

35

    $output = '<p'. $class .'><a href="'. esc\_url($href) .'"\>'. esc\_html($value) .'</a></p>';

38

36

   

39

37

    return $output;
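Review bot: this trunk hunk matches the released tag, which is what we want for a security fix. One follow-up for trunk only: add a regression test that renders [usp_reset_button] with a custom="..." attribute and asserts that the generated `<a>` carries exactly one href attribute and nothing else between the closing quote and `>`, so the removed concatenation cannot be reintroduced by a later refactor.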
  • user-submitted-posts/trunk/readme.txt

    r2951862

    r2952471

11

11

Requires at least: 4.6

12

12

Tested up to: 6.3

13

 

Stable tag: 20230809

14

 

Version:    20230809

 

13

Stable tag: 20230811

 

14

Version:    20230811

15

15

Requires PHP: 5.6.20

16

16

Text Domain: usp

…

…

 

819

819

820

820

 

821

\*\*20230811\*\*

 

822

 

823

\* Removes \`$custom\` variable from \`usp\_reset\_button\_shortcode()\`

 

824

\* Tests on WordPress 6.3

 

825

821

826

\*\*20230809\*\*

822

827
  • user-submitted-posts/trunk/user-submitted-posts.php

    r2951862

    r2952471

11

11

    Requires at least: 4.6

12

12

    Tested up to: 6.3

13

 

    Stable tag: 20230809

14

 

    Version:    20230809

 

13

    Stable tag: 20230811

 

14

    Version:    20230811

15

15

    Requires PHP: 5.6.20

16

16

    Text Domain: usp

…

…

 

39

39

40

40

if (!defined('USP\_WP\_VERSION')) define('USP\_WP\_VERSION', '4.6');

41

 

if (!defined('USP\_VERSION'))    define('USP\_VERSION', '20230809');

 

41

if (!defined('USP\_VERSION'))    define('USP\_VERSION', '20230811');

42

42

if (!defined('USP\_PLUGIN'))     define('USP\_PLUGIN', esc\_html\_\_('User Submitted Posts', 'usp'));

43

43

if (!defined('USP\_FILE'))       define('USP\_FILE', plugin\_basename(\_\_FILE\_\_));
