Headline

CVE-2023-3168: Changeset 2933637 for wp-reroute-email – WordPress Plugin Repository

The WP Reroute Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

1 year ago

CVE

Open in Source

#sql #xss #vulnerability #web #wordpress #php #auth

Timestamp:

07/04/2023 05:57:26 AM (8 days ago)

msh134

Message:

Fixed the vulnerability - Unauthenticated Stored Cross-Site Scripting via Email Subject.

Location:

wp-reroute-email/trunk

Files:

includes/db_log_list.class.php (1 diff)
readme.txt (2 diffs)
wp-reroute-email.php (2 diffs)

Legend:

Unmodified

Added

Removed

wp-reroute-email/trunk/includes/db_log_list.class.php

r2918564

r2933637

28

28

        );

29

29

30

 

        return sprintf('%1$s %2$s', $item->subject, $this->row\_actions($actions));

 

30

        return sprintf('%1$s %2$s', wp\_kses\_post($item->subject), $this->row\_actions($actions));

31

31

    }

32

32

wp-reroute-email/trunk/readme.txt

r2918564

r2933637

3

3

Tags: mail, email, developer tool, development server

4

4

Tested up to: 6.2.2

5

 

Stable tag: 1.4.9

 

5

Stable tag: 1.5.0

6

6

License: GPLv2 or later

7

7

…

…

 

33

33

34

34

\== Changelog ==

 

35

\= 1.5.0 =

 

36

\* Fixed the vulnerability - Unauthenticated Stored Cross-Site Scripting via Email Subject.

 

37

35

38

\= 1.4.9 =

36

39

\* Security fixes.

wp-reroute-email/trunk/wp-reroute-email.php

r2918564

r2933637

4

4

 \* Plugin URI: http://wordpress.org/extend/plugins/wp-reroute-email/

5

5

 \* Description: This plugin intercepts all outgoing emails from a WordPress site and reroutes them to a predefined configurable email address.

6

 

 \* Version: 1.4.9

 

6

 \* Version: 1.5.0

7

7

 \* Author: Sajjad Hossain

8

8

 \* Author URI: http://www.sajjadhossain.com

…

…

 

233

233

       

234

234

        $sql = "INSERT INTO $table\_name (subject, message, recipients\_to, recipients\_cc, recipients\_bcc, has\_attachment, sent\_on)

235

 

                VALUES('" . esc\_sql($phpmailer->Subject) . "',

236

 

                '" . esc\_sql($phpmailer->Body) . "',

237

 

                '" . esc\_sql($recipients\_to) . "',

238

 

                '" . esc\_sql($recipients\_cc) . "',

239

 

                '" . esc\_sql($recipients\_bcc) . "',

 

235

                VALUES('" . esc\_sql(sanitize\_text\_field($phpmailer->Subject)) . "',

 

236

                '" . esc\_sql(sanitize\_post($phpmailer->Body)) . "',

 

237

                '" . esc\_sql(sanitize\_text\_field($recipients\_to)) . "',

 

238

                '" . esc\_sql(sanitize\_text\_field($recipients\_cc)) . "',

 

239

                '" . esc\_sql(sanitize\_text\_field($recipients\_bcc)) . "',

240

240

                '" . (empty($attachments) ? 0 : 1) . "',

241

241

                '" . current\_time('mysql', TRUE) . "')";

Note: See TracChangeset for help on using the changeset viewer.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

10 months ago

10 months ago

10 months ago

10 months ago

10 months ago