CVE-2022-27860: Footer Text

Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge’s Footer Text plugin <= 2.0.3 on WordPress.
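
The general WordPress pattern for closing a CSRF-to-stored-XSS path in a settings handler, shown as an added example (it is not the Footer Text plugin's code and not the vendor's fix): a nonce in the form, nonce and capability checks on save, and HTML filtering on save and on output. The option name, nonce action and field names are hypothetical; edit_footer_text is the capability named in the plugin's changelog.

```php
<?php
// Added example, not the Footer Text plugin's code. EXAMPLE_OPTION,
// EXAMPLE_ACTION and the form field names are hypothetical.
const EXAMPLE_OPTION = 'example_footer_text';
const EXAMPLE_ACTION = 'example_save_footer_text';

// Form: wp_nonce_field() embeds a token tied to the current user and action.
function example_footer_text_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( EXAMPLE_ACTION ); ?>">
        <?php wp_nonce_field( EXAMPLE_ACTION, 'example_nonce' ); ?>
        <textarea name="example_text" rows="8" cols="60"><?php
            echo esc_textarea( get_option( EXAMPLE_OPTION, '' ) );
        ?></textarea>
        <?php submit_button(); ?>
    </form>
    <?php
}

// Save handler, reached through admin-post.php.
function example_footer_text_save() {
    // Stops with a 403 when the nonce is missing or invalid, so a request
    // forged from another site cannot change the stored text.
    check_admin_referer( EXAMPLE_ACTION, 'example_nonce' );

    // A valid nonce is not authorization: check the capability as well.
    if ( ! current_user_can( 'edit_footer_text' ) ) {
        wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
    }

    $raw = isset( $_POST['example_text'] ) ? wp_unslash( $_POST['example_text'] ) : '';

    // Keep only the HTML allowed in post content (no <script>, no on* handlers).
    update_option( EXAMPLE_OPTION, wp_kses_post( $raw ) );

    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}
add_action( 'admin_post_' . EXAMPLE_ACTION, 'example_footer_text_save' );

// Front end: filter again on output so values stored earlier are also cleaned.
function example_footer_text_output() {
    echo wp_kses_post( get_option( EXAMPLE_OPTION, '' ) );
}
```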


This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.


Description

Provides an interface in the dashboard, similar to the post edit screen, that allows you to easily change the text displayed in the footer on the front-end. After installing the plugin, add the footer_text() template tag to your footer.php theme template where you want the text to display. For more options, see the FAQ.

You can use these shortcodes in the footer text editor:

  • [last_modified] the date that the current page was last modified on
  • [page_link] the full permalink of the current page, formatted. The content wrapped in this shortcode will be used as the link text
  • [year] the current year, e.g. 2013

Visit the plugin homepage, or contribute to its development at GitHub.

Installation

  1. Upload the footer-text directory to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Visit Appearance > Footer Text to write your awesome footer text
  4. Place the footer_text() template tag somewhere in your theme where you want the text displayed
  5. Visit site. Observe.

FAQ

How can I display the footer text in my theme?

You can use the footer_text() function to display the footer text, or the get_footer_text() function to return it for use in PHP. These template tags should generally be used in the footer.php file of your theme.

The footer_text() function outputs the formatted footer text and accepts three parameters: $before, $after and $default. $before will be output before the text, $after will be output after the text, and $default will be used instead of the text if none is set. If no text is set and $default is empty, nothing will be displayed.

The get_footer_text() function returns the formatted footer text and accepts one parameter: $default, which will be returned if no text is set.

If the plugin isn’t active, the template tag will result in an error. To solve this, you can use an action hook instead:

do_action( 'footer_text', $default, $before, $after );

This works the same as calling the footer_text() function, and any of the three arguments can be omitted.

Reviews

Erik September 3, 2016

It still does the trick, even in 4.4!

mojen September 3, 2016

Does exactly what it says on the tin. It works with Insert Pages shortcodes as well. Thank you!


Contributors & Developers

“Footer Text” is open source software. The following people have contributed to this plugin.

Contributors

  • Shea Bunge

Changelog

2.0.3

  • Added a message when the text is updated.

2.0.2

  • Use a <h1> heading on administration pages

2.0.1

  • Update screenshots for WordPress 3.9
  • Add braces to one-line conditionals

2.0.0

  • Delete footer text from database on uninstall
  • Added an action as an alternate way to display footer text
  • Restructured code
  • Fixed [page_link] shortcode
  • Added custom ‘edit_footer_text’ capability
  • Added support for translations

1.0.0

  • Initial release
