CVE-2020-35037: Changeset 2336019 for events-manager – WordPress Plugin Repository

The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameters before outputting them in pages, which could lead to Cross-Site Scripting issues.


Timestamp:

07/06/2020 12:21:26 PM (17 months ago)

netweblogic

Message:

update 5.9.8

Location:

events-manager/trunk

Files:

  • classes/em-object.php (1 diff)
  • classes/event-locations/em-event-location-url.php (1 diff)
  • classes/event-locations/em-event-location.php (1 diff)
  • events-manager.php (4 diffs)
  • readme.txt (4 diffs)


  • events-manager/trunk/classes/em-object.php

    r2330031

    r2336019

1029

1029

        if( !empty($request\['em\_search'\]) && empty($args\['search'\]) ) $request\['search'\] = $request\['em\_search'\]; //em\_search is included to circumvent wp search GET/POST clashes

1030

1030

        $accepted\_searches = !empty($accepted\_searches) ? $accepted\_searches : self::get\_default\_search();

 

1031

        $accepted\_searches = array\_diff($accepted\_searches, array('format', 'format\_header', 'format\_footer'));

1031

1032

        $accepted\_searches = apply\_filters('em\_accepted\_searches', $accepted\_searches, $args);

1032

1033

        //merge variables from the $request into $args
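Review bot: the new array_diff at line 1031 runs before apply_filters('em_accepted_searches', ...) at line 1032, so any filter callback can put 'format', 'format_header' or 'format_footer' back into the accepted list and reopen the path where request values reach the output format strings. Move the array_diff after the filter call (or apply it again to the filtered result) so the three format keys are stripped unconditionally, and add a one-line comment saying why they are excluded; the neighbouring em_search line documents its own special case, this one is silent.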
  • events-manager/trunk/classes/event-locations/em-event-location-url.php

    r2330031

    r2336019

14

14

    public $properties = array('url', 'text');

15

15

   

16

 

    public function get\_post( $post = array() ){

17

 

        $return = parent::get\_post($post);

18

 

        if( empty($post) ) $post = $\_POST;

19

 

        if( !empty($post\['event\_location\_url'\]) ){

20

 

            $this->event->event\_location\_data\['url'\] = esc\_url\_raw($post\['event\_location\_url'\]);

 

16

    public function get\_post(){

 

17

        $return = parent::get\_post();

 

18

        if( !empty($\_POST\['event\_location\_url'\]) ){

 

19

            $this->event->event\_location\_data\['url'\] = esc\_url\_raw($\_POST\['event\_location\_url'\]);

21

20

        }

22

 

        if( !empty($post\['event\_location\_url\_text'\]) ){

23

 

            $this->event->event\_location\_data\['text'\] = sanitize\_text\_field($post\['event\_location\_url\_text'\]);

 

21

        if( !empty($\_POST\['event\_location\_url\_text'\]) ){

 

22

            $this->event->event\_location\_data\['text'\] = sanitize\_text\_field($\_POST\['event\_location\_url\_text'\]);

24

23

        }

25

24

        return $return;
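Review bot: in the new get_post( $post = array() ) the fallback `if( empty($post) ) $post = $_POST;` at line 18 runs after `$return = parent::get_post($post);` at line 17, so the parent receives the empty array and has to resolve the fallback itself; resolve $post before the parent call so both levels work on the same data. The signature change also means any other event-location subclass that still declares get_post() without the parameter now has an incompatible override and should be updated in the same changeset. The sanitisation of the two fields (esc_url_raw on event_location_url, sanitize_text_field on event_location_url_text) is unchanged, which is correct for this hunk.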
  • events-manager/trunk/classes/event-locations/em-event-location.php

    r2330031

    r2336019

90

90

     \* @return boolean

91

91

     \*/

92

 

    public function get\_post( $post = array() ){

93

 

        if( empty($post) ) $post = $\_POST;

 

92

    public function get\_post(){

94

93

        $this->event->event\_location\_data = array();

95

94

        return true;
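Review bot: the docblock above this method ends at `@return boolean` and gains no `@param array $post` entry for the new parameter; document it, including that an empty array falls back to $_POST at line 93. As written the resolved $post is then unused (lines 94-95 reset event_location_data and return true), so either this base implementation only normalises the input for subclasses, which the docblock should state, or the fallback belongs in the subclasses that actually read the fields.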
  • events-manager/trunk/events-manager.php

    r2330031

    r2336019

2

2

/\*

3

3

Plugin Name: Events Manager

4

 

Version: 5.9.7.5

 

4

Version: 5.9.8

5

5

Plugin URI: http://wp-events-plugin.com

6

6

Description: Event registration and booking management for WordPress. Recurring events, locations, google maps, rss, ical, booking registration and more!

…

…

 

29

29

30

30

// Setting constants

31

 

define('EM\_VERSION', 5.975); //self expanatory

 

31

define('EM\_VERSION', 5.98); //self expanatory

32

32

define('EM\_PRO\_MIN\_VERSION', 2.6712); //self expanatory

33

33

define('EM\_PRO\_MIN\_VERSION\_CRITICAL', 2.377); //self expanatory
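Review bot: `define('EM_VERSION', 5.98)` at line 31 stores the version as a float, so 5.9.8 collapses to 5.98 and cannot be distinguished from a future 5.98 or ordered correctly against a 5.9.10, while the `Version: 5.9.8` header in the same file is the string form. Prefer a string constant and version_compare() for the EM_PRO_MIN_VERSION checks. The `//self expanatory` comments on lines 31-33 also carry a typo (explanatory) and say nothing; drop them or state what each constant gates.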

…

…

 

533

533

                $event\_id = $matches\[1\];

534

534

            }else{

535

 

                $event\_id = $wpdb->get\_var('SELECT event\_id FROM '.EM\_EVENTS\_TABLE." WHERE event\_slug='{$\_REQUEST\['event\_slug'\]}' AND blog\_id!=".get\_current\_blog\_id());

 

535

                $query = $wpdb->prepare('SELECT event\_id FROM '.EM\_EVENTS\_TABLE.' WHERE event\_slug = %s AND blog\_id != %d', $\_REQUEST\['event\_slug'\], get\_current\_blog\_id());

 

536

                $event\_id = $wpdb->get\_var($query);

536

537

            }

537

538

            $EM\_Event = em\_get\_event($event\_id);
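Review bot: the replacement at lines 535-536 is the right shape: $wpdb->prepare() with %s for the slug and %d for the blog id replaces the direct interpolation of $_REQUEST['event_slug'] into the query string, which is the SQL injection the changelog refers to. Two follow-ups: $_REQUEST also accepts the value from cookies, so read from $_GET (or whichever source this route expects) explicitly; and the concatenation 'SELECT event_id FROM '.EM_EVENTS_TABLE.' WHERE ...' is safe because EM_EVENTS_TABLE is a constant, but a short comment saying so saves the next reviewer from flagging it.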

…

…

 

548

549

                $location\_id = $matches\[1\];

549

550

            }else{

550

 

                $location\_id = $wpdb->get\_var('SELECT location\_id FROM '.EM\_LOCATIONS\_TABLE." WHERE location\_slug='{$\_REQUEST\['location\_slug'\]}' AND blog\_id!=".get\_current\_blog\_id());

 

551

                $query = $wpdb->prepare('SELECT location\_id FROM '.EM\_LOCATIONS\_TABLE." WHERE location\_slug = %s AND blog\_id != %d", $\_REQUEST\['location\_slug'\], get\_current\_blog\_id());

 

552

                $location\_id = $wpdb->get\_var($query);

551

553

            }

552

554

            $EM\_Location = em\_get\_location($location\_id);
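Review bot: this hunk mirrors the event_slug fix at lines 551-552 but builds the SQL with a double-quoted string (" WHERE location_slug = %s AND blog_id != %d") while the event_id hunk uses single quotes; make them consistent, preferring single quotes so no `$` inside the literal can be interpolated by PHP before the string reaches prepare(). The same remark about reading $_REQUEST['location_slug'] rather than an explicit $_GET source applies here.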
  • events-manager/trunk/readme.txt

    r2330031

    r2336019

2

2

Contributors: netweblogic, nutsmuggler

3

3

Donate link: http://wp-events-plugin.com

4

 

Tags: bookings, calendar, tickets, events, buddypress, event management, google maps, maps, locations, registration

 

4

Tags: bookings, calendar, tickets, events, buddypress, event management, google maps, maps, locations, registration, zoom

5

5

Text Domain: events-manager

6

6

Requires at least: 5.2

7

7

Tested up to: 5.4

8

 

Stable tag: 5.9.7.3

 

8

Stable tag: 5.9.8

9

9

Requires PHP: 5.3

10

10

…

…

 

28

28

\* Multiple Tickets

29

29

\* MultiSite Support

 

30

\* Multiple Location Types

 

31

 \* Physical Locations

 

32

 \* Online Events (URLs)

 

33

 \* \[Zoom Webinars/Meetings Integration\](https://wordpress.org/plugins/events-manager-zoom/)

30

34

\* BuddyPress Support

31

35

 \* Submit Events

…

…

 

63

67

We have a premium "Pro" add-on for Events Manager which not only demonstrates the flexibility of Events Manager, but also adds some important features including but not limited to:

64

68

65

 

\* PayPal, Authorize.net and Offline Payments

 

69

\* PayPal, Stripe, Authorize.net and Offline Payments

66

70

\* Custom booking forms

67

71

\* Individual Attendee custom forms

…

…

 

112

116

113

117

\== Changelog ==

114

 

\= 5.9.7.5 (dev version) =

 

118

\= 5.9.8 =

 

119

\* added Location Types including URL and (via external free add-on) Zoom support!

 

120

\* added native OAuth support for third party integrations (e.g. Zoom)

 

121

\* added $EM\_Event object to booking form template actions

 

122

\* changed $EM\_Booking->booking\_status to protected so that status returns 1 even if approvals are disabled

 

123

\* fixed XSS vulnerability (kudos to Jakob Wierzba)

 

124

\* fixed potential SQL injection vulnerability (kudos to Antony Garand from Godaddy)

 

125

\* fixed fatal errors in BuddyPress if notifications are disabled

 

126

\* fixed minor PHP warning

115

127

\* fixed Yoast SEO 14.0 conflict

116

 

\* added Location Types including URL and (via external free add-on) Zoom support!

117

 

\* added $EM\_Event object to booking form template actions

118

 

\* added native OAuth support for third party integrations (e.g. Zoom)

119

 

\* fixed fatal errors in BuddyPress if notifications are disabled

120

 

\* changed $EM\_Booking->booking\_status to protected so that status returns 1 even if approvals are disabled

121

 

\* fixed minor PHP warning

122

128

123

129

\= 5.9.7.3 =
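Review bot: the two security entries at lines 123-124 ("fixed XSS vulnerability", "fixed potential SQL injection vulnerability") give site owners nothing to assess exposure with; name the affected inputs (the search/format parameters handled in em-object.php and the event_slug/location_slug lookups in events-manager.php) and state that all releases before 5.9.8 are affected, as the feature entries in the same list already name what changed. The hunk also moves the 5.9.7.5 (dev version) entries under the 5.9.8 heading, which is fine, but the readme is now the only place the fixes are described at all, so the wording should be precise.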

