The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2.

1<?php2/\*3if(!is\_callable('recaptcha\_check\_answer')) require\_once(WP\_PLUGIN\_DIR . '/contact-form-with-captcha/captcha/recaptchalib.php');45$resp = null;6$error = null;78if ($\_POST\["recaptcha\_response\_field"\]) {9        $resp = recaptcha\_check\_answer ($privatekey,10                                        $\_SERVER\["REMOTE\_ADDR"\],11                                        $\_POST\["recaptcha\_challenge\_field"\],12                                        $\_POST\["recaptcha\_response\_field"\]);13\*/1415require\_once WP\_PLUGIN\_DIR . '/contact-form-with-captcha/captcha/autoload.php';1617if (isset($\_POST\['g-recaptcha-response'\]))18{19       $recaptcha \= new \\ReCaptcha\\ReCaptcha($privatekey);2021       $resp \= $recaptcha\->verify($\_POST\['g-recaptcha-response'\], $\_SERVER\['REMOTE\_ADDR'\]);2223        if ($resp\->isSuccess()) {24                25                {   26                    $\_POST \= str\_replace("\\\\","",$\_POST);27      28                    // --- CONFIG PARAMETERS --- //29                    $email\_recipient    \= $cfwc\_to;30                    $email\_sender       \= $\_POST\["contact\_name"\];31                    $email\_return\_to    \= $\_POST\["contact\_email"\];32                    $email\_content\_type \= "text/html; charset=UTF-8";33                    $email\_client       \= "PHP/" . phpversion();3435                    // --- SUBJECT --- //36                    $email\_subject \= $cfwc\_subject\_prefix . ' ' . $\_POST\["contact\_subject"\] . ' ' . $cfwc\_subject\_suffix ;373839                    // --- DEFINE HEADERS --- //4041                    $email\_header  \= "From:         =?UTF-8?B?".base64\_encode($email\_sender)."?=" . " <do\_not\_reply@" . $\_SERVER\['SERVER\_NAME'\] . ">" . "\\r\\n";4243                    //$email\_header .= "Subject:      =?UTF-8?B?".base64\_encode($email\_subject)."?=" . "\\r\\n";4445                    $email\_header .= "Reply-To:     " . $email\_return\_to . "\\r\\n";46                    $email\_header .= "Return-Path:  " . $email\_return\_to . "\\r\\n";47                    $email\_header .= "Content-type: " . $email\_content\_type . "\\r\\n";48                    $email\_header .= "X-Mailer:     " . $email\_client . "\\r\\n";4950                    // --- CONTENTS --- //51                    52                    $email\_contents \= "<html>";53                    $email\_contents .= "<h2>"                                . $\_POST\["contact\_subject"\] . "</h2>";54                    $email\_contents .= "<br><b>Sender Name:</b>         "    . $email\_sender;55                    $email\_contents .= "<br><b>Sender Email:</b>         "   . $email\_return\_to;56                    $email\_contents .= '<br><b>Sender IP Address:</b> ' . $\_SERVER\["REMOTE\_ADDR"\] . ' <strong>(<a href="http://www.teqlog.com/find-my-ip-address.html">Find location for this IP</a></strong>)';57                    $email\_contents .= "<br><br>" . $\_POST\["contact\_message"\];    58                    $email\_contents .= "</html>";59 60                    if (mail($email\_recipient, $email\_subject, $email\_contents, $email\_header))61                    {     62                        if ($cfwc\_success\_msg != null)63                        {64                            echo "<center><h2>" . $cfwc\_success\_msg . "</h2></center>";65                        }66                        else67                        {68                            echo "<center><h2>Thank you for contacting us!</h2></center>";69                        }70                    }       71                    else 72                    {     73                        if ($cfwc\_failure\_msg != null)74                        {75                            echo "<center><h2>" . $cfwc\_failure\_msg . "</h2></center>";76                        }77                        else78                        {79                            echo "<center><h2>Can't send email to Administrator. Please try later</h2></center>";80                        }      81                    } 82                }83        } 84        else 85        {?>86878889<h2>Something went wrong</h2>90        <p>The following error was returned: <?php91            foreach ($resp\->getErrorCodes() as $code) {92                echo '<tt>' , $code , '</tt> ';93            }94            ?></p>95        <p>Check the error code reference at <tt><a href="https://developers.google.com/recaptcha/docs/verify#error-code-reference">https://developers.google.com/recaptcha/docs/verify#error-code-reference</a></tt>.96        <p><strong>Note:</strong> Error code <tt>missing-input-response</tt> may mean the user just didn't complete the reCAPTCHA.</p>9798            99        <?php100           echo "<center><h2>Incorrect Captcha!</h2></center>";101        102        }103}104105106107?>108109<script language="JavaScript" type="text/javascript">110111function focuson() { document.cfwc\_contactform.number.focus()}112113function check(){114var str1 = document.getElementById("contact\_email").value;115var filter=/^(.+)@(.+).(.+)$/i116if (!( filter.test( str1 ))){alert("Incorrect email address!");return false;}117if(document.getElementById("recaptcha\_response\_field").value=="")118   {119       alert("Please enter captcha");120       return false;121   }122}123</script>124125<script type="text/javascript">126 var RecaptchaOptions = {127    theme : '<?php echo $cfwc\_captcha\_theme; ?>'128 };129 </script>130131<?php echo '<link rel="stylesheet" type="text/css" href="' . get\_bloginfo('wpurl') . '/wp-content/plugins/contact-form-with-captcha/cfwc.css" />';  ?>132133<div id="cfwc\_contactform">134135<form action="" method="POST" name="ContactForm" onsubmit="return check();">136137<table>138       <tbody>139         <tr>140             <td>141             <?php 142                 if ($cfwc\_full\_name != null)143                 {144                     echo $cfwc\_full\_name ;145                 }146                 else147                 {148                     echo "Full Name:"; 149                 }150             ?>151             <?php if ($cfwc\_form\_theme \== "stacked") {echo "<br>";} else {echo "</td><td>";} ?>152             <input name="contact\_name" type="text" value="<?php if(isset($\_POST\['contact\_name'\]) && !$resp\->is\_valid ) echo $\_POST\['contact\_name'\]; ?>"/>153             </td>154         </tr>155         <tr/><tr/><tr/><tr/>156         <tr>157             <td>158             <?php 159                 if ($cfwc\_e\_mail != null)160                 {161                     echo $cfwc\_e\_mail ;162                 }163                 else164                 {165                     echo "E Mail:";166                 }167             ?>168             <?php if ($cfwc\_form\_theme \== "stacked") {echo "<br>";} else {echo "</td><td>";} ?>169             <input id="contact\_email" name="contact\_email" type="text" value="<?php if(isset($\_POST\['contact\_email'\]) && !$resp\->is\_valid ) echo $\_POST\['contact\_email'\]; ?>"/></td>170         </tr>171         <tr/><tr/><tr/><tr/>172         <tr>173             <td>174             <?php 175                 if ($cfwc\_subj != null)176                 {177                     echo $cfwc\_subj ;178                 }179                 else180                 {181                     echo "Subject:"; 182                 }183             ?>184             <?php if ($cfwc\_form\_theme \== "stacked") {echo "<br>";} else {echo "</td><td>";} ?>185             <?php186                 if ($cfwc\_subject \== null)187                 {188                     echo '<input name="contact\_subject" class="cfwc\_inputdata" type="text" value="'; if(isset($\_POST\['contact\_subject'\]) && !$resp\->is\_valid ) echo $\_POST\['contact\_subject'\]; echo '"/>';189                 }190                 else191                 {192                     $subject\_tok \= explode(":",$cfwc\_subject);193                     echo '<select name="contact\_subject">';194                     foreach ($subject\_tok as $v) 195                     {196                         echo '<option value="' . $v . '">' . $v . '</option>';197                     }198                     echo '</select>';199                 }200             ?>201             </td>202         </tr>203         <tr/><tr/><tr/><tr/>204         <tr>205             <td>206             <?php 207                 if ($cfwc\_message != null)208                 {209                     echo $cfwc\_message ;210                 }211                 else212                 {213                     echo "Message:"; 214                 }215             ?>216             <?php if ($cfwc\_form\_theme \== "stacked") {echo "<br>";} else {echo "</td><td>";} ?>217             <textarea name="contact\_message" id="contact\_message" ><?php if(isset($\_POST\['contact\_message'\]) && !$resp\->is\_valid ) echo $\_POST\['contact\_message'\]; ?></textarea></td>218         </tr>219         <tr/><tr/><tr/><tr/>220         <tr>221            <td>222            <?php if ($cfwc\_form\_theme \== "stacked") {echo "<br>";} else {echo "</td><td>";} ?>223         <?php224            if ($publickey != null)225            {?>226                <div class="g-recaptcha" data-sitekey="<?php echo $publickey; ?>"></div>227            <script type="text/javascript"228                    src="https://www.google.com/recaptcha/api.js?hl=en">229            </script>230            <?php231            }232            else233            {234                echo "To use reCAPTCHA you must get an API key from <a href='https://www.google.com/recaptcha/admin/create'>https://www.google.com/recaptcha/admin/create</a> and enter it from the plugin menu";235            }236         ?>237            </td>238         </tr>239         <tr/><tr/><tr/><tr/>240         <tr>241            <td>242             <?php if ($cfwc\_form\_theme \== "stacked") {echo "<br>";} else {echo "</td><td>";} ?>243             <input name="Contact\_Send" value="<?php if ($cfwc\_button != null){ echo $cfwc\_button ; } else { echo "Send Message";} ?> " type="submit">            244             <input name="SendMessage"  value="1" type="hidden">245            </td>246         </tr>247         <tr>248            <td>249             <?php 250              /\*if ($cfwc\_credit != "true")251              echo '<p class="credit">Powered by <a href="http://www.teqlog.com">Technology blog</a></p>';252              else253              {254                  echo '<div id="cimg"><a title="Technology Blog" href="http://www.teqlog.com/"><img src="' ; echo WP\_PLUGIN\_URL; echo '/contact-form-with-captcha/1.gif" alt="Technology Blog" /></a></div>';255              }\*/256            ?>257            </td>258         </tr>259     </tbody>260</table>261262</form>263264</div>

CVE-2021-42358: cfwc-form.php in contact-form-with-captcha/trunk – WordPress Plugin Repository

janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

**Description**

an user can enter a text room in janus gateway with a malicious name that contains a xss payload and could poison other users on the room

**Proof of Concept**

just go to https://janus.conf.meetecho.com/textroomtest.html this is provided by github repo as a demo

then enter in the name `<img src=x onerror=alert(document.domain)>`

**POC video :**

https://drive.google.com/file/d/1r8oy-BFGV\_Z1WICyQnR\_c5Nq4CAfxWuE/view?usp=sharing

**Impact**

This vulnerability is capable of poison the whole chat and steal other users creds or redirect users to malicious apps.

CVE-2021-4020: Cross-site Scripting (XSS) - Stored in janus-gateway

Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified vectors.

CVE-2021-20840: Booking Package – Appointment Booking Calendar System

Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to redirect the user to after login. The `state` parameter should be used for a Cross-Site Request Forgery (CSRF) token, not a static and easily predicted value. This vulnerability does not affect users who do not use Google Login for their instance of Redash. A patch in the `master` and `release/10.x.x` branches addresses this by replacing `Flask-Oauthlib` with `Authlib` which automatically provides and validates a CSRF token for the state variable. The new implementation stores the next URL on the user session object. As a workaround, one may disable Google Login to mitigate the vulnerability.

**Impact**

**If you do not use Google Login for your instance of Redash, this vulnerability does not affect you.**

The current implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to redirect the user to after login. The `state` parameter should be used for a CSRF token, not a static and easily predicted value.

Our thanks to the reporter of this vulnerability, who wished to remain anonymous.

**Patches**

The current `master` and `release/10.x.x` branches address this by replacing `Flask-Oauthlib` with Authlib which automatically provides and validates a CSRF token for the `state` variable. The new implementation stores the next URL on the user session object.

Affected users should upgrade to V10.1. For Docker installations, you can upgrade to Docker Tag `redash/redash:10.1.0.b50633`.

**Workarounds**

Disabling Google Login will mitigate the vulnerability.

1.  First you should re-enable password login for your instance.
2.  Then disable Google login.
3.  After this, each user will need to reset their password from the log-in screen.

**References**

Redash Authentication Guide  
Google's Official guidance on the state token

**For more information**

If you have any questions or comments about this advisory:

*   Open an issue in getredash/redash if you believe further development is needed.
*   Start a thread in the forum.

CVE-2021-43777: Build software better, together

Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2021-38004: Stable Channel Update for Desktop

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.

About Monorail User Guide Release Notes Feedback on Monorail Terms Privacy

CVE-2021-38000: 1249962 - chromium - An open-source project to help move the web forward.

The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue

CVE-2021-24873: Changeset 2615802 for tutor – WordPress Plugin Repository

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

Creating a backup of your site has never been easier!

Simply install the plugin, click on “Create backup now” – done.

**Try it out on your free dummy site: Click here => https://tastewp.com/plugins/backup-backup**.

You can also schedule backups, e.g. define that a backup should be taken automatically every week (or every day/month).

Use a wide choice of configuration options:

*   Define exactly which files / databases should be in the backup, which not
*   Define where the backup will be stored (as of now, only local option is available, but we’ll expand this soon)
*   Define what name your backup should have, in which instances you should receive a notification email, and much more

This plugin is all in one solution if you need to migrate your site to another host or just restore the local backup.

Note: This (free) version is limited to backups of 2GB in size. For unlimited sizes, please have a look at the Premium Plugin.

If any questions come up, please ask us in the Support Forum – we’re always happy to help!

**Admin Installer via search**

1.  Visit the Add New plugin screen and select “Author” from the dropdown near search input
2.  Search for “Migrate”
3.  Find “Backup Migration” and click the “Install Now” button.
4.  Activate the plugin.
5.  The plugin should be shown below settings menu.

**Admin Installer via zip**

1.  Visit the Add New plugin screen and click the “Upload Plugin” button.
2.  Click the “Browse…” button and select the zip file of our plugin.
3.  Click “Install Now” button.
4.  Once uploading is done, activate Backup Migration.
5.  The plugin should be shown below the settings menu.

**How do I create my first backup?**

Click on “Create backup now” on the settings page of the Backup Migration plugin.

Backup Migration will by default create a backup that contains everything from your site, except the Backup Migration plugin’s own backups and WordPress installation – if you want to include the WordPress installation as well, tick the checkbox in the section “What will be backed up?”.

You can download backup or migrate your backup (use the plugin as a WordPress duplicator) immediately after the backup has been created.

**How do I restore a backup?**

*   If your backup is **located on your site**: Go to the Backup Migration plugin screen, then to the Manage & Restore Backup(s) tab where you have your backups list, click on the Restore button next to the backup you would like to restore.
    
*   If your backup is **located on another site**: Go to the Backup Migration plugin screen on site #1, then to the Manage & Restore Backup(s) tab where you have the backups list, click on the “Copy Link”-button in the “Actions”-column. Go to the Backup Migration plugin screen on site #2, then to the Manage & Restore Backup(s) tab, click on “Super-quick migration”, paste the copied link, and hit the “Restore now!” button. This process will first import backup then restore it, i.e. Backup Migrate also serves as backup importer.
    
*   If your backup is _located on another device_: Go to the Backup Migration plugin screen, then to the Manage & Restore Backup(s) tab, and click on the “Upload backup files” button. After the upload, click on the Restore button next to the backup you would like to restore.
    

**How do I migrate or clone my site?**

Migrate (or clone) a WordPress site by creating a full backup on the site that you want to migrate (clone) – site #1.

*   To transfer website **directly from site #1 to site #2**: Go to the Backup Migration plugin screen on site #1, then to the Manage & Restore Backup(s) tab where you have the backups list, click on the Copy Link button in the Actions column. Go to the Backup Migration plugin screen on site #1, then to the Manage & Restore Backup(s) tab, click on “Super-quick migration”, paste the copied link, and hit the “Restore now!” button. Make sure that the backup file on site #1 is accessible by setting “Accessible via direct link?” to “Yes” in the plugin section “Where shall the backup(s) be stored?”
    
*   To migrate the website **indirectly**: Go to the Backup Migration plugin screen, then to the Manage & Restore Backup(s) tab, and click on the “Upload backup files” button. After the upload, click on the Restore button next to the backup you would like to restore.
    

**Where can I find my backups?**

Backup Migration allows you to download backups, migrate backups, or delete backups directly from the plugin screen Manage & Restore Backup(s). By default, the migrator plugin will store a backup to /wordpress/wp-content/backup-migration but you can change the backup location to anywhere you please.

**How to run automatic backups?**

Enabling automatic backups is done on the Backup Migration plugin’s home screen, just next to the “Create backup now!” button. Auto backup can run on a monthly, weekly, or daily basis. You can set the exact time (and day) and how many automatic backups would you like to keep in the same Backup Migration plugin section. We recommend that you optimize the number of backups that will be kept according to available space.

**How big are backup files?**

Backup file size depends on the criteria you select on the “What will be backed up?” section of the Backup Migration plugin. There you can see file/folder size calculations as you Save your settings. Usually, WordPress’ Uploads folder is the heaviest, while Databases are the lightest. If you are looking to save up space, you might want to deselect Plugins and WordPress installation folders, as you can usually download those anytime from WP sources.

**Is the backup creation and site migration free?**

Yes. You can create full site backups, automatic backups, and migrate your site (duplicate site) free of charge. Backup Migration Pro provides more sophisticated filters and selections of files that will be included/excluded from backups (affecting backup size), faster backup creation times, number of external backup storage locations, backup encryption, backup file compression methods, advanced backup triggers, additional backup notifications by email, priority support, and more.

**Is cloud backup available?**

Backup to cloud are some of the upcoming features, that will be available,  
In Free version: Google Drive, FTP, Amazon S3, Rackspace, DreamObjects, Openstack and  
In Premium version: Google cloud, SFTP/SCP, Microsoft Azure, OneDrive, Backblaze, and more.

**How are you better than other backup/migration plugins?**

Besides having the most intuitive interface and smoothest user experience, Backup Migration plugin will always strive to give you more than any competitor:  
– Updraftplus: They charge for migration, with our plugin it’s free;  
– All-in-One WP Migration: In the free version, compared to our plugin – they don’t have selective/partial backups; they lack advanced options and each external storage is on a separate extension plugin; they have no automatic backups;  
– Duplicator: In the free version, compared to our plugin – they have no selective backups, exclusion rules, no automatic backups and no migration;  
– WPvivid: In the free version, compared to our plugin – they don’t have selective/partial backups, exclusion rules, or automatic backups;  
– BackWPup: In the free version, compared to our plugin – they lack restore options, backups are slower, automatic backups are dependant on wp cron;  
– Backup Guard: In the free version, compared to our plugin – they have no selective backups, exclusion rules; no direct migration;  
– XCloner: Automatic backups are dependant on wp cron; full restore not available on a local server;  
– Total Upkeep: They lack the advanced selective backups and exclusion rules, lacks a monthly backup schedule

![](https://secure.gravatar.com/avatar/8c2364e9a7f779fc5b9bec21c3d365a3?s=60&d=retro&r=g)

Superb plugin. Recommended!!!

![](https://secure.gravatar.com/avatar/7ae3adec922580024e03856754d6ae4b?s=60&d=retro&r=g)

Alles was es braucht in der Free-Version! Top!

![](https://secure.gravatar.com/avatar/0a5a9da354abb82579b55397dcf3eef8?s=60&d=retro&r=g)

It is simply the best back-up/migration plugin of all. Do not look for any other, really.

![](https://secure.gravatar.com/avatar/6ddd45007502a595c49467bdc10da3fa?s=60&d=retro&r=g)

This is a nice plugin. Backups are fast and the plugin is easy to use.

![](https://secure.gravatar.com/avatar/550ca0c647fd692cc18a19c663c68920?s=60&d=retro&r=g)

Easy to use and works great.

![](https://secure.gravatar.com/avatar/73d62734a5e9fbfa457809ef7158a3b7?s=60&d=retro&r=g)

Don't overlook the need to backup or migrate your site. It will save you time, anxiety, and money. And this plugin makes it easy. thank you!

Read all 169 reviews

“Backup Migration” is open source software. The following people have contributed to this plugin.

Contributors

*   ![](https://secure.gravatar.com/avatar/f6e6205621bdc8397707136381985800?s=32&d=mm&r=g) migrate

**1.1.6**

*   Plugin tested with PHP 8.1
*   Plugin tested with WP Version 5.8.2
*   Fixed PHP CLI for sites above 2 GB (premium)
*   Modified default settings for new users, to solve most common issues
*   Modified default query output to 500 per batch, to solve most common database issue
*   Fixed undefined variables of zipping module (PHP 7.4+)
*   Fixed backups made with PHP CLI when the ZIP wasn’t closed correctly
*   Visual updates for our cool banner
*   Super-Quick Migration now should work with PHP CLI
*   Now WordPress version will be displayed in the logs
*   Fixed English typo in logs “enginge” => “engine”
*   Added additional sanitization for e-mail, e-mail title and directory (Thank you @Vlad Visse (Patchstack))
*   Added version tag

**1.1.5**

*   Fixed typos in tooltip about queries
*   Modified default value of queries

**1.1.4**

*   Tested up to WordPress 5.8.1
*   Fixed warnings in PHP 8 and adjusted ob\_clean functions (Thank you @jrevillini)
*   Added force stop for restoration and migration process
*   Added force stop for backup process (troubleshooting option)
*   Added splitting option for restore and migration process
*   Fixed STEP display in process window for restore and backup
*   Adjusted logs output for restore and backup process
*   Updated database engine for export and import using new technique
*   Added new option to specify export queries per file and restore batch
*   Implemented splitting n into CLI restoration (disabled by default)

**1.1.3**

*   Fixed PHP CLI migration process (in case of different table prefix)
*   Restricted access to global logs
*   Restricted access to backup logs
*   Added censor for backup name in all log files
*   Added censor for sensitive details in global log and others
*   Randomize folder name for each site, it will rename old directory as well
*   Backup hash name will be now extended up to 16 characters including A-z
*   Decreased default database batch size to 250 from 2500 queries
*   Added constant **_ABSPATH_** for exclusion rules
*   Tested up to WordPress 5.8

**1.1.2**

*   Added new option which allow to specify own PHP CLI path
*   Added possibility to disable PHP CLI for both restore and backup process
*   Fixed output data restore process – should not hang up on success
*   Fixed output data for backup process – should not hang up on success as well
*   Added batching for restore process, should extend execution time
*   Increased batch size for huge sites up to 40k files per batch
*   Increased default max size of batch from 60 MB to 96 MB
*   Fixed issues with PHP CLI when the output was not correct
*   Added possibility to download live log of restore process (useful when it hang up)
*   Restore process now can calculate file amount before extraction
*   Added secret keys for restore process – should be much more secure now
*   Added batching for database export, plugin should use maximum execution time now
*   Removed debug information in console log (should be in 1.1.1)
*   Added batching for files extraction during restore process
*   Restore process now shows extraction progress – the process is slower because of it but more stable
*   Fixed PHP CLI for premium users where the site is too large
*   Fixed SuperQuick Migration via PHP CLI – now the process should continue automatically
*   Added notice logging into restore process
*   Now restore process will continue on notice like uninitialized classname
*   Fixed issue when restore process hangs up (5.6 – 7.4 PHP versions) due to uninitialized classname

**1.1.1**

*   Modified restore safe limit calculation for better performance
*   Fixed issues with restore on PHP 8
*   Fixed database restore issues, when the database is damaged
*   Adjusted database parser for older MySQL versions
*   Updated storage front-end UX

**1.1.0**

*   Fully tested with WordPress 5.7.2
*   Fixed rare notices and warnings of PHP 8
*   New database engine for restore and backup process
*   Rewritten find and replace method for database migration
*   Changed default configuration settings
*   Added “insecure download” option for LiteSpeed Web Servers
*   Added possibility to run backup or restore process via shell (PHP CLI aka WP CLI)
*   Increased support for free users up to 2 GB size of site.
*   Final files now will be included in the last batch (for cURL and Browser method)
*   Update of success modals (restore & backup)
*   New smart PHP CLI detection tool, it will check for valid PHP executable binary file
*   Plugin now requires at least PHP CLI of 5.6 version – for older it will run legacy methods
*   Fixed automatic backup issue when it was impossible to disable with plugin’s options
*   Increased stability of hick-ups screens, false positives should not happen now
*   Added full support for ZipArchive add-on
*   Super-Quick Migration now can run as PHP CLI process (download can’t be aborted by Web Server now)
*   Backups created with this version are not supported by older versions of this plugin
*   Backups created with older versions can be restored with this version (1.1.0) and above
*   Newly created backups should not cause fatal errors if they were aborted / killed during restore
*   Hardly excluded wp-config.php from backup, can be restored only manually if needed
*   Fixed error “Tried to allocate xxx bytes” during migration & backup (tested up to 650 MB database size)
*   Excluded other plugins from Backup Migration plugin error log
*   Optimized logging for global logs of Backup Migration log – file should be smaller now
*   Added new settings in “Other Options” section
*   If restore fail the temporary files should be fully cleaned up now

**1.0.9**

*   Fixed issue of v1.0.8 \[Automatic backups does not work\]
*   Fixed issue of v1.0.8 \[Download of backup does not work\]

**1.0.8**

*   Added warnings for huge files (above 60 MB)
*   Increased timeout limit
*   Now plugin will ignore server abort command (should help in some cases)
*   Progress bar won’t show the counter if file count isn’t known
*   Increased default memory to (minimum: 384 MB)
*   Added smart chunker for bigger sites (now it’s possible to have chunks of 2500 files)
*   Improved performance of the backups (should be much faster for sites 3000+ files)
*   Database import is now memory friendly (database size can be really big, without error)
*   Database export is also chunked for better stability of the backup
*   Support for page builders – now cloned site should be perfect mirror
*   Quick Migration: Removed timeout for huge files (should download full file now)
*   Added better memory calculator, mostly improvement for shared hostings.
*   Fixed issues on SunOS with free space calculator.
*   Added support for installations not inside root (e.g. domain.tld, domain.tld/wordpress)
*   Fixed issue when your database contains ‘-‘ character (fetch() function)
*   Fixed PclZip issue i.e. “requires at least 18 bytes”
*   Fixed BMI\\Plugin\\Zipper\\finfo\_open() error
*   Premium: Replaced PclZip with more stable & dedicated edition of this module
*   Premium: Improved performance of the core overall (smaller size to decrypt)
*   Since now only site Administrator can manage backups by default
*   Added permission “do\_backups” – users with this permissions
*   Added new option “Bypass server limits”
*   Added support for ZipArchive (only when some bypass function is enabled)
*   Added support for PHP Cli – it will be preferred option now

**1.0.7**

*   Hot fix – Restore process fixed when premium plugin is activated

**1.0.6**

*   Backup Support for WordPress 5.6
*   Backup Support for PHP 8.0
*   Fixed issue with completely empty backup files (0 bytes)
*   Fixed back up progress (NaN shouldn’t display anymore)
*   For better backup & network performance decreased amount of calls
*   Admin can bypass backup logs protection (File won’t expire for them)
*   Added update information to downloaded backup and restore logs
*   Added some server infos to backup / migration logs
*   Support for backup “front-end” errors – for easier debugging
*   Server back up errors should be also logged in (limited on LSWS)
*   Better back up error logging – global log will contain all errors
*   Added back up troubleshooting option: send test email
*   Added back up troubleshooting option: fix php\_uname warning/error
*   Removed back up PHP Errors reports from log files

**1.0.5**

*   Premium relation
*   Translations adjustment
*   Load priority change (for better performance of entire website)

**1.0.4**

*   Removed included PclZip
*   Added support for WordPress 4.6
*   Support for PHP 5.6
*   Rephrased some tooltips to be more clear
*   Added support for custom wp-content folder
*   Changed excluded files by default

**1.0.3**

*   Created special htaccess for litespeed
*   Added dynamic counter of current file
*   Added more info in backup logs

**1.0.2**

*   Dedicated space checking with dummy file
*   Added smart memory manager
*   Fixed migration issues (database)
*   Fixed backup issues (litespeed users)
*   Progress won’t hide on front-end error (e.g. lost connection)
*   Added more error messages (backup)

**1.0.1**

*   Changed tooltips background color for better contrast
*   Updated some translation strings

**1.0.0**

*   Initial release

CVE-2021-36884: Backup Migration

Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.

CVE-2021-44037: Team Password Manager Change log

There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3. The payload is stored on the configuring project Id page.

**Description**

A Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3 can cause arbitrary code to run in a user’s browser while the browser is connected to a trusted website. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3 stored on the configuring project ID page.

**Proof of concept: (POC)**

The following vulnerability was detected in WordPress Microsoft Clarity Plugin version 0.3.

1.  Log in to the WordPress application.
    
2.  Install Microsoft Clarity plugin to your WordPress application.
    

![](https://lh5.googleusercontent.com/wb98AgW4-MpJLorJxAtdcf4pDDChhsnMW80w5V-x4eNO528Qt_P8tIE1iwIsvgu1s1il3r3h48IewxLP6Jq4lHMFSh1oegxYkUMaRwc_7fQCAbV9gksWMB5iXTP1vlq0x_6a31Mh)

_**Figure 1:** Microsoft Clarity Plugin Installation_

3.  Click on Settings, and the Clarity Setting page appears.
    

![](https://lh5.googleusercontent.com/deYKBUQT-OPwVpe3pl12PpEQ-odCTMkGbfEa8BvZjJvjJkMIIKjHkHHQM9vQxTCCHPVLUftJ8UrUuqN1i1sp5VGDU6rudUCd3-SlRNl7tjQgqNDrGmOyVRHCDj_nmu0pJn_3tN1W)

_**Figure 2:** Microsoft Clarity Settings Page_

4.  In the Clarity Settings page, enter the payload in the ‘project ID’ section (clarity\_project\_id parameter).
    

![](https://lh6.googleusercontent.com/f_al6gDvt_KZ4uk0QoQfglrzfDes7sSArWUIe5mQmegQUhHGY78gKwNQk1xakyQS4cWeDUf9qXqesxNaxh2qvxrdSk9pnCEIaXoITW8P42VCi7dphB4QgD-CY7McbFH8P7VAKm-k)

_**Figure 3:** Entering Encoded Xss Payload in the Project ID section_

5.  Injected XSS payload gets executed whenever the user changes the clarity configuration page.
    

![](https://lh6.googleusercontent.com/iVJFB5ZpEnqPnVgogm02MoFIlk39fLuY24ZU49JY1uAj5qe1fIiLGhWIKXPOxzTle8Ld87G_VK9a0c_lOCGEzsLWY73cBsbjImhVoDnJiVJYhTGlprFaqESO1g5L3zhdvcQ5NurT)

_**Figure 4:** Injected XSS Payload Executed and Displays an Alert Box_

**Impact**

An attacker can control a script executed in the victim's browser and fully compromise the targeted user. In addition, an XSS vulnerability enables attacks that are contained within the application itself. There is no need to find an external way of inducing the victim to make a request containing their exploit. Instead, the attacker places the exploit inside the application itself and simply waits for users to encounter it, thus, resulting in the following --

*   Stealing cookies,
    
*   End-user files disclosure,
    
*   Installation of Trojan horse programs,
    
*   Redirection of the user to some other page or site.
    

**Remediations**

1.  Perform context-sensitive encoding of untrusted input before it is echoed back to a browser by using the encoding library.
    
2.  Implement input validation for special characters on all the variables reflected in the browser and stored in the database.
    
3.  Implement client-side validation.
    

![](https://lh3.googleusercontent.com/DgF9NjE-phywUL8-THv5tVayF4RMV2gTaJLRSV_M4BNldFHpZPTKxWUn7VBuSW4teqWLZkVjdnh7FdasQFzy-6y5tN_ZdihVP4gERYr8AA8C6DucvKFQB5ICWU4wl_oq0LgGHBef)

_**Figure 5:** Cross-Site Scripting Mitigation Setting in the wp.config File Prevents Cross-site Scripting Attacks_

**Timeline**

**17 October 2021:** Discovered in Microsoft Clarity version 0.3

**20 October 2021:** Reported to WordPress Team.

**20 October 2021:** WordPress acknowledged.

**25 October 2021:** Microsoft Clarity Plugin fixed the issue.

**07 November 2021:** CSW Assigned the CVE Identifier \[CVE-2021-33850\]

**Discovered by**

Cyber Security Works Pvt. Ltd.

  

Talk to CSW's team of experts to secure your landscape.

Tag

#google