

CVE-2023-5291: Changeset 2974261 for blog-filter – WordPress Plugin Repository

The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘AWL-BlogFilter’ shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


blog-filter/trunk/blog-filter-output.php

r2964479

r2974261

71

71

                if ( $blog\_filter\_all == 'yes' ) {

72

72

                    ?>

73

                    <li id="all" class="snip0047 active" data-filter="all"><span style="pointer-events: none;"><?php echo esc\_html(\_\_( $blog\_all\_text, 'blog-filter' )); echo $all\_post\_count; ?></span><i class="fa fa-check" style="pointer-events: none;"></i></li>

73

                    <li id="all" class="snip0047 active" data-filter="all"><span style="pointer-events: none;"><?php echo esc\_html(\_\_( $blog\_all\_text, 'blog-filter' )); echo esc\_html( $all\_post\_count ); ?></span><i class="fa fa-check" style="pointer-events: none;"></i></li>

74

74

                    <?php

75

75

                } foreach ( $terms as $term ) {

80

80

                    }

81

81

                    ?>

82

                    <li class="snip0047" value="<?php echo esc\_attr( $term->term\_id ); ?>" data-filter="<?php echo esc\_attr( $term->term\_id ); ?>"><span style="pointer-events: none;"><?php echo esc\_html(\_\_( $term->name, 'blog-filter' )); echo $single\_filter\_post\_count; ?></span><i class="fa fa-check" style="pointer-events: none;"></i></li>

82

                    <li class="snip0047" value="<?php echo esc\_attr( $term->term\_id ); ?>" data-filter="<?php echo esc\_attr( $term->term\_id ); ?>"><span style="pointer-events: none;"><?php echo esc\_html(\_\_( $term->name, 'blog-filter' )); echo esc\_html( $single\_filter\_post\_count ); ?></span><i class="fa fa-check" style="pointer-events: none;"></i></li>

83

83

                    <?php

84

84

                } ?>

88

88

            if($blog\_search == "yes") { ?>

89

89

                <div class="search text-center">

90

                    <input type="text" class="filtr-controls searchTerm" name="blog\_search" placeholder="<?php \_e($blog\_search\_text, 'blog-filter'); ?>" data-search>

90

                    <input type="text" class="filtr-controls searchTerm" name="blog\_search" placeholder="<?php echo esc\_html(\_\_($blog\_search\_text, 'blog-filter')); ?>" data-search>

91

91

                </div>

92

92

                <?php

126

126

            }

127

127

            ?>

128

            <div id="bf\_<?php echo get\_the\_ID(); ?>" data-category="<?php echo esc\_attr( $keys ); ?>" data-sort="<?php echo esc\_attr( $filter\_value->name ); ?>" class=" pfg\_theme\_1 filtr-item filtr\_item\_1 single\_one <?php echo $blog\_col\_large\_desktops; ?> col-md-4 col-sm-6 col-xs-12">

128

            <div id="bf\_<?php echo get\_the\_ID(); ?>" data-category="<?php echo esc\_attr( $keys ); ?>" data-sort="<?php echo esc\_attr( $filter\_value->name ); ?>" class=" pfg\_theme\_1 filtr-item filtr\_item\_1 single\_one <?php echo esc\_attr( $blog\_col\_large\_desktops ); ?> col-md-4 col-sm-6 col-xs-12">

129

129

                <div class="bf\_thumb\_box\_1 hvr-shadow-radial">

130

130

                    <div class="bf\_title\_box\_1">

153

153

                            }

154

154

                            if ( $blog\_image\_hover\_effect == 'hover1' ) { ?>

155

                                <figure class="snip1550 fit-in-content" style="<?php echo $background\_image; ?>">

155

                                <figure class="snip1550 fit-in-content" style="<?php echo esc\_url( $background\_image ); ?>">

156

156

                                    <?php if($blog\_fixed\_grid != 'yes') { ?>

157

157

                                        <img title="<?php echo esc\_attr( $image\_alt ); ?>" class="portfolio\_thumbnail" src="<?php echo esc\_url(get\_the\_post\_thumbnail\_url( null, $blog\_image\_quality )); ?>" alt="<?php echo esc\_attr( $image\_alt ); ?>">

161

161

                            } if ( $blog\_image\_hover\_effect == 'none' ) {

162

162

                                if($blog\_fixed\_grid == 'yes') { ?>

163

                                    <figure class="fit-in-content" style="<?php echo $background\_image; ?>">

163

                                    <figure class="fit-in-content" style="<?php echo esc\_url( $background\_image ); ?>">

164

164

                                    </figure>

165

165

                                    <?php

212

212

                                <?php

213

213

                                $blog\_desc\_words = esc\_html( $blog\_desc\_words );

214

                                echo esc\_html(ucfirst( stripcslashes( substr( get\_the\_excerpt(), 0, $blog\_desc\_words ) ) . '...' )); ?>

214

                                echo esc\_html( stripcslashes( substr( get\_the\_excerpt(), 0, $blog\_desc\_words ) ) . '...' ); ?>

215

215

                            </div>

216

216

                            <?php
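Review bot: The new lines 155 and 163 wrap `$background_image` in esc_url() inside a style attribute; `$background_image` is assigned outside the hunk, but its name and placement suggest it holds a CSS declaration such as `background-image: url(...)` rather than a bare URL, and esc_url() treats everything before the first colon as a URL scheme, so it is likely to strip or rewrite the value instead of escaping it for the attribute. The context-correct escaper for that spot is esc_attr() on the declaration, `style="<?php echo esc_attr( $background_image ); ?>"`, with esc_url() applied to the URL component at the point where the string is built. For the same reason the new line 90 should read `placeholder="<?php echo esc_attr( __( $blog_search_text, 'blog-filter' ) ); ?>"` rather than using esc_html() inside an attribute. Separately, the new line 214 drops the ucfirst() the old line applied to the excerpt, which is a rendering change unrelated to the escaping fix and worth confirming was intended.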

blog-filter/trunk/blog-filter-shortcode.php

r2968669

r2974261

197

197

<style>

198

198

<?php

199

echo $custom\_css;

199

200

echo esc\_html( $custom\_css );

200

201

?>

201

202

243

244

.bf\_thumb\_box\_1 {

244

245

    padding: inherit;

245

    background-color: <?php echo $blog\_desc\_box\_color; ?>;

246

    background-color: <?php echo esc\_html( $blog\_desc\_box\_color ); ?>;

246

247

    border: 1px solid;

247

248

    border-color: rgba( <?php echo $r; ?>, <?php echo $g; ?>, <?php echo $b; ?> );

248

    /\* border-color: #d5d8dd; \*/

249

249

}

250

250

.bf\_title\_box\_1 {

264

264

    margin-top: 10px;

265

265

    margin-bottom: 10px;

266

    font-size: <?php echo $blog\_title\_font\_size; ?>px !important;

266

    font-size: <?php echo esc\_html( $blog\_title\_font\_size ); ?>px !important;

267

267

    color : <?php echo esc\_html( $blog\_title\_color ); ?>;

268

268

    font-weight: bold;

269

269

}

270

270

.bf\_desc\_1 {

271

    font-size: <?php echo $blog\_desc\_font\_size; ?>px;

272

    color: <?php echo $blog\_desc\_color; ?>;

271

    font-size: <?php echo esc\_html( $blog\_desc\_font\_size ); ?>px;

272

    color: <?php echo esc\_html( $blog\_desc\_color ); ?>;

273

273

    margin:10px 1px;

274

274

}
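Review bot: Line 248 of the new file still echoes `$r`, `$g` and `$b` into the `border-color: rgba(...)` declaration with no escaping or cast, while the neighbouring background-color and font-size lines were wrapped in esc_html(); where those three values come from is not visible in the hunk, but the fix applied to the sibling lines leaves this one open. A numeric cast is the right treatment for channel values, `border-color: rgba( <?php echo (int) $r; ?>, <?php echo (int) $g; ?>, <?php echo (int) $b; ?> );`. Note also that esc_html() is an HTML-context escaper, not a CSS one: inside `<style>` it does prevent a `</style>` breakout by encoding `<`, but it also turns legitimate `>`, `&` and quotes in `$custom_css` into entities the browser will not decode inside a style element, and it does not constrain `$blog_desc_box_color` or `$blog_title_font_size` to a valid color or number. WordPress core's own custom-CSS output callback uses strip_tags() for exactly this reason, and sanitize_hex_color() / absint() are the value-level sanitizers that fit the color and size lines.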

blog-filter/trunk/blog-filter.php

r2968669

r2974261

6

6

Plugin Name: Blog Filter

7

7

Description: Blog / Post Filter and Blog / Post Gird layout Plugin For WordPress.

8

Version: 1.5.3

8

Version: 1.5.4

9

9

Author: A WP Life

10

10

Author URI: http://awplife.com/

36

36

    protected function \_constants() {

37

37

        // Plugin Version.

38

        define( 'BF\_PLUGIN\_VER', '1.5.3' );

38

        define( 'BF\_PLUGIN\_VER', '1.5.4' );

39

39

40

40

        // Plugin Text Domain.

blog-filter/trunk/readme.txt

r2968669

r2974261

6

6

Requires at least: 3.0

7

7

Tested up to: 6.3.1

8

Stable tag: 1.5.3

8

Stable tag: 1.5.4

9

9

License: GPLv2 or later

10

10

License URI: http://www.gnu.org/licenses/gpl-2.0.html

206

206

== Changelog ==

207

207

208

= 1.5.4 =

209

* fix Vulnerability issue with adding escaping functions.

210

208

211

= 1.5.3 =

209

212

* Comment section issue solved.
