A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.

Timestamp:

07/25/2019 09:33:24 AM (4 years ago)

webdorado

Message:

Fixed: security issue  

Location:

photo-gallery/trunk

Files:

  

*   filemanager/model.php (2 diffs)
*   photo-gallery.php (2 diffs)
*   readme.txt (2 diffs)

**Legend:**

Unmodified

Added

Removed

*   **photo-gallery/trunk/filemanager/model.php**
    
    r2087021
    
    r2128378
    
     
    
    50
    
    50
    
            $orderby = $params\['orderby'\];
    
    51
    
    51
    
            $order = $params\['order'\];
    
     
    
    52
    
        if ( $orderby != 'size' && $orderby != 'name' ) {
    
     
    
    53
    
          $orderby = 'date\_modified';
    
     
    
    54
    
        }
    
     
    
    55
    
        if ( $order != 'asc' ) {
    
     
    
    56
    
          $order = 'desc';
    
     
    
    57
    
        }
    
    52
    
    58
    
            $search = $params\['search'\];
    
    53
    
    59
    
            $page\_num = $params\['page\_num'\];
    
    …
    
    …
    
     
    
    149
    
    155
    
            $orderby = $params\['orderby'\];
    
    150
    
    156
    
            $order = $params\['order'\];
    
     
    
    157
    
        if ( $orderby != 'size' && $orderby != 'name' ) {
    
     
    
    158
    
          $orderby = 'date\_modified';
    
     
    
    159
    
        }
    
     
    
    160
    
        if ( $order != 'asc' ) {
    
     
    
    161
    
          $order = 'desc';
    
     
    
    162
    
        }
    
    151
    
    163
    
    152
    
    164
    
            $query  = ' SELECT \* FROM \`' . $wpdb->prefix . 'bwg\_file\_paths\`';
    
*   **photo-gallery/trunk/photo-gallery.php**
    
    r2120867
    
    r2128378
    
     
    
    4
    
    4
    
     \* Plugin URI: https://10web.io/plugins/wordpress-photo-gallery/?utm\_source=photo\_gallery&utm\_medium=free\_plugin
    
    5
    
    5
    
     \* Description: This plugin is a fully responsive gallery plugin with advanced functionality.  It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
    
    6
    
     
    
     \* Version: 1.5.30
    
     
    
    6
    
     \* Version: 1.5.31
    
    7
    
    7
    
     \* Author: Photo Gallery Team
    
    8
    
    8
    
     \* Author URI: https://10web.io/plugins/?utm\_source=photo\_gallery&utm\_medium=free\_plugin
    
    …
    
    …
    
     
    
    85
    
    85
    
        $this->plugin\_url = plugins\_url(plugin\_basename(dirname(\_\_FILE\_\_)));
    
    86
    
    86
    
        $this->main\_file = plugin\_basename(\_\_FILE\_\_);
    
    87
    
     
    
        $this->plugin\_version = '1.5.30';
    
    88
    
     
    
        $this->db\_version = '1.5.30';
    
     
    
    87
    
        $this->plugin\_version = '1.5.31';
    
     
    
    88
    
        $this->db\_version = '1.5.31';
    
    89
    
    89
    
        $this->prefix = 'bwg';
    
    90
    
    90
    
        $this->nicename = \_\_('Photo Gallery', $this->prefix);
    
*   **photo-gallery/trunk/readme.txt**
    
    r2120867
    
    r2128378
    
     
    
    4
    
    4
    
    Requires at least: 3.4
    
    5
    
    5
    
    Tested up to: 5.2
    
    6
    
     
    
    Stable tag: 1.5.30
    
     
    
    6
    
    Stable tag: 1.5.31
    
    7
    
    7
    
    License: GPLv2 or later
    
    8
    
    8
    
    License URI: http://www.gnu.org/licenses/gpl-2.0.html
    
    …
    
    …
    
     
    
    282
    
    282
    
    283
    
    283
    
    \== Changelog ==
    
     
    
    284
    
     
    
    285
    
    \= 1.5.31 =
    
     
    
    286
    
    \* Fixed: Vulnerability.
    
    284
    
    287
    
    285
    
    288
    
    \= 1.5.30 =
    

**Note:** See TracChangeset for help on using the changeset viewer.

CVE-2019-14313: Changeset 2128378 – WordPress Plugin Repository

A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.

CVE-2019-13571

WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in.

CVE-2019-1010124

An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $REQUEST['adaptive-images-settings'] parameter in adaptive-images-script.php.

**LFI (Local file inclusion), Arbitrary file deletion and RCE in Adaptive Images for WordPress plugin.**

This plugin, developed by Nevma is used to serve images in Wordpress based on device resolution, allowing an on-the-fly resize. It is useful to decrease the page load for mobile devices.

The analyzed version is **0.6.66** on a fresh WordPress installation 5.2.2.

Due to an exposed variable an unauthenticated attacker can exploit a vulnerability that can lead to a LFI (Local File Inclusion) and to Arbitrary File Deletion.

Sensible system and Wordpress file can be easily exfiltrated and the two vulnerabilities can be used to obtain RCE (Remote Command Execution).

****INTRO****

**Adaptive Images for WordPress** serves images through a PHP script, adaptive-images-script.php.

All requests made to image assets that appear in specific folders (the plugin settings allow to change these folders) are redirected through this script that eventually manipulate the image before serving it.

At **line 877** the plugin settings are collected:

      $settings = adaptive_images_script_get_settings();
    

This method at **line 62** checks if the $_REQUEST['adaptive-images-settings'] is present and if not it overrides and composes it according the default configuration.

    
        function adaptive_images_script_get_settings () {
    
            // Setup script settings.
    
            if ( ! isset( $_REQUEST['adaptive-images-settings'] ) ) {
    
        ...
    
        // Setup script settings and save the in request scope.
    
        $_REQUEST['adaptive-images-settings'] = array(
            'debug'          => $debug,
            'resolutions'    => $resolutions,
            'cache_dir'      => $cache_dir,
            'jpg_quality'    => $jpg_quality,
            'png8'           => $png8,
            'sharpen'        => $sharpen,
            'watch_cache'    => $watch_cache,
            'browser_cache'  => $browser_cache,
            'request_uri'    => $request_uri,
            'source_file'    => $source_file,
            'wp_content'     => $wp_content_dir,
            'client_width'   => $client_width,
            'hidpi'          => $hidpi,
            'pixel_density'  => $pixel_density,
            'resolution'     => $resolution
        );
    

At the end of the method the function simply return the $_REQUEST['adaptive-images-settings'] variable.

      return $_REQUEST['adaptive-images-settings'];
    

This logic allows any visitor to set and override the $_REQUEST['adaptive-images-settings'] just passing it to the request.

**Having control on this variable allows an attacker to exploit two major vulnerabilities.**

The parameter $_REQUEST['adaptive-images-settings']['source_file'] allows an attacker to set in an arbitrary way the file requested that will be served from the script.

Even if it is not possible to manipulate the Content-Type header, the script will generate a malformed image that contains the requested file.

This vulnerability in combination with other server misconfiguration can lead to RCE (Remote Command Execution) using log poisoning technique, /proc/self/environ technique and others.

****POC****

http://wp-vulnerable/wp-content/uploads/2019/05/image.jpg?adaptive-images-settings[source_file]=../../../wp-config.php

http://wp-vulnerable/wp-content/uploads/2019/05/image.jpg?adaptive-images-settings[source_file]=/etc/passwd

_The image used to trigger the vulnerability should exist._

****Arbitrary File Deletion****

The plugin contains a cache mechanism that allows the generated resized images to be saved and cached to prevent excessive resources usage.

As every cache mechanism a file should be deleted if the source is newer than the cache file.  
**This feature can be abused to delete an arbitrary file accessible from the Wordpress installation.**

On **line 977** is called the function that removes a stale cache image:

        // Locate cached image.
    
        $cache_file = $settings['wp_content'] . '/' . $settings['cache_dir'] . '/' . $settings['resolution'] . $settings['request_uri'];
    
    
    
        // Check if cached image if stale and relete it if so.
    
        if ( file_exists( $cache_file ) ) {
    
            // Check if cached image is stale and delete it if so.
    
            if ( $settings['watch_cache'] ) {
    
                adaptive_images_delete_stale_cache_image( $settings['source_file'], $cache_file, $settings['resolution'] );
    
            }
    
        }
    

Every variable used in this code is controlled by the aforementioned $_REQUEST['adaptive-images-settings'] variable.

The adaptive_images_delete_stale_cache_image function just checks if the $cache_files exists and if it is newer than the original one.

The only condition to successfully exploit this vulnerability is that the file that we pass as $source_file is newer than the file that we pass as $cache_file.

        function adaptive_images_delete_stale_cache_image ( $source_file, $cache_file, $resolution ) {
    
            if ( file_exists( $cache_file ) ) {
    
                // Check image file timestamp.
    
                if ( filemtime( $cache_file ) >= filemtime( $source_file ) ) {
    
                    return $cache_file;
    
                }
    
                unlink( $cache_file );
            }
    
        }
    

****POC****

Using relative paths we set as $source_file an image (or any other file) that exists in the website and as $cache_file (our target) the wp-config.php.  
In this way it is almost certain that the image is more recent than the target file.

Some other variables should be manipulated to pass some checks and build the correct path of the target file.

_This POC deletes the wp-config.php, test it carefully._

http://wp-vulnerable/wp-content/uploads/2019/07/image.jpeg?adaptive-images-settings[source_file]=../../../wp-content/uploads/2019/07/image.jpeg&adaptive-images-settings[resolution]=&resolution=16000&adaptive-images-settings[wp_content]=.&adaptive-images-settings[cache_dir]=../../..&adaptive-images-settings[request_uri]=wp-config.php&adaptive-images-settings[watch_cache]=1

****BONUS: LFI + Arbitrary file deletion = RCE****

Combining the previous two vulnerabilities an attacker can obtain a bold (and not really stealth) Remote Code Execution on the server.

This is the exploit process:

1.  Dump the current wp-config.php
2.  Delete the current wp-config.php
3.  Install a fake WordPress alongside the real one (DB credentials are known, a random db\_prefix should be chosen to not overwrite the current installation).
4.  Log in the fake WordPress to patch a plugin or theme file to set up a backdoor
5.  Use the backdoor to restore the previous wp-config.php and remove the fake WordPress installation from the database.

This process can be automated and executed in less than 1 minute. During the process the website will not be reachable (exploit).

****Time Line****

Date

What

2019/07/08

Vulnerability reported to plugin developer company using the email found in code. No response.

2019/07/11

Vulnerability reported directly to plugin developer.

2019/07/11

The vulnerability was verified by the plugin developer.

2019/07/11

A fix was released in version 0.6.7.

2019/07/19

Public disclosure.

Special thanks to Takis @ Nevma for his availability and for the quick release of the fix.

CVE-2019-14206: Adaptive images for Wordpress 0.6.66: LFI, arbitrary file deletion and RCE.

A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php

@@ -75,55 +75,45 @@ function evf\_search\_entries( $args ) { ) );  
$statuses = array\_keys( evf\_get\_entry\_statuses() ); $valid\_fields = array( 'date', 'form\_id', 'title', 'status' );  
// Check if form ID is valid for entries. if ( ! array\_key\_exists( $args\['form\_id'\], evf\_get\_all\_forms() ) ) { return array(); }  
$orderby = isset( $args\['orderby'\] ) ? sanitize\_key( $args\['orderby'\] ) : 'entry\_id'; $order = "ORDER BY {$orderby} " . esc\_sql( strtoupper( $args\['order'\] ) ); $limit = -1 < $args\['limit'\] ? $wpdb\->prepare( 'LIMIT %d', $args\['limit'\] ) : ''; $offset = 0 < $args\['offset'\] ? $wpdb\->prepare( 'OFFSET %d', $args\['offset'\] ) : ''; $status = ! empty( $args\['status'\] ) ? "AND \`status\` = '" . sanitize\_key( $args\['status'\] ) . "'" : ''; $search = ! empty( $args\['search'\] ) ? "AND \`meta\_value\` LIKE '%" . $wpdb\->esc\_like( sanitize\_text\_field( $args\['search'\] ) ) . "%'" : ''; $include = ! empty( $args\['form\_id'\] ) ? "AND \`form\_id\` = '" . absint( $args\['form\_id'\] ) . "'" : ''; $exclude = ''; $date\_created = ''; $date\_modified = '';  
if ( ! empty( $args\['after'\] ) || ! empty( $args\['before'\] ) ) { $args\['after'\] = empty( $args\['after'\] ) ? '0000-00-00' : $args\['after'\]; $args\['before'\] = empty( $args\['before'\] ) ? current\_time( 'mysql', 1 ) : $args\['before'\];  
$date\_created = "AND \`date\_created\_gmt\` BETWEEN STR\_TO\_DATE('" . esc\_sql( $args\['after'\] ) . "', '%Y-%m-%d %H:%i:%s') and STR\_TO\_DATE('" . esc\_sql( $args\['before'\] ) . "', '%Y-%m-%d %H:%i:%s')"; $query = array(); $query\[\] = "SELECT DISTINCT {$wpdb\->prefix}evf\_entries.entry\_id FROM {$wpdb\->prefix}evf\_entries INNER JOIN {$wpdb\->prefix}evf\_entrymeta WHERE {$wpdb\->prefix}evf\_entries.entry\_id = {$wpdb\->prefix}evf\_entrymeta.entry\_id";  
if ( ! empty( $args\['search'\] ) ) { $like = '%' . $wpdb\->esc\_like( $args\['search'\] ) . '%'; $query\[\] = $wpdb\->prepare( 'AND meta\_value LIKE %s', $like ); }  
if ( ! empty( $args\['modified\_after'\] ) || ! empty( $args\['modified\_before'\] ) ) { $args\['modified\_after'\] = empty( $args\['modified\_after'\] ) ? '0000-00-00' : $args\['modified\_after'\]; $args\['modified\_before'\] = empty( $args\['modified\_before'\] ) ? current\_time( 'mysql', 1 ) : $args\['modified\_before'\]; if ( ! empty( $args\['form\_id'\] ) ) { $query\[\] = $wpdb\->prepare( 'AND form\_id = %d', absint( $args\['form\_id'\] ) ); }  
$date\_modified = "AND \`date\_modified\_gmt\` BETWEEN STR\_TO\_DATE('" . esc\_sql( $args\['modified\_after'\] ) . "', '%Y-%m-%d %H:%i:%s') and STR\_TO\_DATE('" . esc\_sql( $args\['modified\_before'\] ) . "', '%Y-%m-%d %H:%i:%s')"; if ( ! empty( $args\['status'\] ) ) { $query\[\] = $wpdb\->prepare( 'AND \`status\` = %s', isset( $statuses\[ $args\['status'\] \] ) ? $statuses\[ $args\['status'\] \] : 'publish' ); }  
$query = trim( " SELECT DISTINCT {$wpdb\->prefix}evf\_entries.entry\_id FROM {$wpdb\->prefix}evf\_entries INNER JOIN {$wpdb\->prefix}evf\_entrymeta WHERE {$wpdb\->prefix}evf\_entries.entry\_id = {$wpdb\->prefix}evf\_entrymeta.entry\_id {$status} {$search} {$include} {$exclude} {$date\_created} {$date\_modified} {$order} {$limit} {$offset} " ); $orderby = in\_array( $args\['orderby'\], $valid\_fields, true ) ? $args\['orderby'\] : 'entry\_id'; $order = 'DESC' === strtoupper( $args\['order'\] ) ? 'DESC' : 'ASC'; $orderby\_sql = sanitize\_sql\_orderby( "{$orderby} {$order}" ); $query\[\] = "ORDER BY {$orderby\_sql}";  
if ( -1 < $args\['limit'\] ) { $query\[\] = $wpdb\->prepare( 'LIMIT %d', absint( $args\['limit'\] ) ); }  
if ( 0 < $args\['offset'\] ) { $query\[\] = $wpdb\->prepare( 'LIMIT %d', absint( $args\['offset'\] ) ); }  
$results = $wpdb\->get\_results( $query ); // WPCS: cache ok, DB call ok, unprepared SQL ok. // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared $results = $wpdb\->get\_results( implode( ' ', $query ), ARRAY\_A );  
$ids = wp\_list\_pluck( $results, 'entry\_id' );

CVE-2019-13575: Fix - Security issue reported by Tin Duong on entries SQL query · wpeverest/everest-forms@755d095

Cross-site scripting vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

Visit The User’s Guide (ja)/(en) for more info.

An administrator can do all users’ attendance management.  
And each user can do attendance management by themselves.

An attendance schedule is displayed by shortcords.  
\* Today’s staff  
\* Weekly schedule  
\* Monthly schedule

管理者は全てのユーザーの出勤管理ができます。  
また、ユーザーも自分自身の出勤管理が可能です。

出勤スケジュールはショートコードで表示されます。  
\* 今日の出勤スタッフ  
\* 週間スケジュール  
\* 月間スケジュール

This plug-in makes several pages and data base tables automatically.  
このプラグインはいくつかのページとデータベーステーブルを自動的に作ります。

**Installation**

1.  Donwload plugin file (“attendance-manager.zip”)  
    プラグインファイル (“attendance-manager.zip”) をダウンロードします。
    
2.  Upload plugin file from Administrator menu “Plugins > Add New > Upload Plugin”.  
    管理画面「プラグイン > 新規追加 > プラグインのアップロード」からプラグインファイルをアップロードします。
    
3.  Activate the plugin.  
    プラグインを有効化します。
    

**Plugin set up**

1.  Open the WordPress admin panel, and go to the plugin option page “Attendance Manager”.  
    管理画面を開き「Attendance Manager」メニューを開きます。
    
2.  Set up option item of some.  
    オプション項目を設定します。
    

**User registration as “staff”**

1.  Register staff of your workplace as user.  
    職場のスタッフをユーザー登録します。
    
2.  When registering user, check “This user is a staff”.  
    登録の際、「このユーザーはスタッフです」をチェックします。
    
3.  In case of the registered user, check “This user is a staff” in a profile edit page of that user.  
    登録済みのユーザーの場合は、そのユーザーのプロフィール編集ページで「このユーザーはスタッフです」をチェックします。
    

**Post each staff’s introduction article**

Post each staff’s introduction article. (For example into a “staff” category etc.)  
And insert short cord \[attmgr\_weekly id=”xx”\] to that article.

*   “id” is ID number of each user in your WordPress.

新たに各スタッフの紹介記事を投稿します。（例えば「スタッフ」カテゴリーなどに）  
その記事に、ショートコード \[attmgr\_weekly id=”xx”\] を挿入します。

*   “id” はあなたのサイトにおける各ユーザーのID番号です。

**Post a staff’s information**

Post each staff’s information article. (For example, into a “staff” category etc.)  
And insert short cord \[attmgr\_weekly id=”xx”\] to that article.  
This short code displays the weekly schedule of this staff.

各スタッフの紹介記事を投稿します。（例えば「スタッフ」カテゴリーなどに）  
その記事に、ショートコード \[attmgr\_weekly id=”xx”\] を挿入します。  
このショートコードは、そのスタッフの週間スケジュールを表示するものです。

*   “id” is ID number of each user in your WordPress.  
    “id” はあなたのサイトにおける各ユーザーのID番号です。

**Attendance management**

*   An administrator does all the user’s attendance management by a scheduler for admin.  
    管理者は管理者用スケジューラから全てのユーザーの出勤管理を行ないます。
    
*   A staff logs in and does the attendance management by a scheduler for a staff.  
    スタッフはログインしてスタッフ専用スケジューラから自身の出勤管理を行ないます。
    

If you encounter some problems, please ask me.  
Visit Trouble shooting (ja) for more info.

**When the number of staff increases, the schedule is not reflected.**

If the number of staff increases too much, the schedule may not be reflected.  
This may be the upper limit of the number of POST items in your PHP.  
In that case increase the value of “max\_input\_vars” in php.ini.  
e.g.)  
max\_input\_vars = 5000

**スタッフ数を増えやしたらスケジュールが反映されなくなりました**

スタッフ数が増えすぎるとスケジュールが反映されないことがあります。  
それは、ご利用環境のPHPでのPOST項目数の上限かもしれません。  
その場合、php.iniの “max\_input\_vars”の値を増やしてみてください。  
例）  
max\_input\_vars = 5000

Unfortunately, I never understood how to use this plugin. It lacks documentation and video tutorials. I followed the ReadMe documentation, yet staff never showed up on admin's end. Sorry to give only 2 stars.

Straightforward, simple plugin. No bells and whistles. If you're for example looking for a very simple tool to keep track of staff presence in the office, this will do it. In these "hybrid" (post-covid) times I find it very useful to be able to see who will be present in the office on which days and hours. Easier than using a shared on-line calendar. I hope the author will continue the development...

great plugin and really helped me a lot! though i hope you find a way for it to display only a specific user role in "Today's Staff" something like this: \[attmgr\_daily role="administrator"\] or \[attmgr\_daily role="accounting\_department"\] to check and see attendance of staff per department instead of the whole staff Also i hope you find a way to get the current user ID and display the weekly attendance of the current user like this: \[attmgr\_weekly id="$current\_user"\] because the only available shortcode the plugin has is the attendance of a specific user: \[attmgr\_weekly id="xx"\] This would save me a lot! Thanks!

This is exactly what I was looking for. The plugin works great and when I ran into small trouble (which was caused by the Theme I was using) the developer responded very quickly when I send a mail. Try this! It works, my client is very happy now.

Read all 5 reviews

“Attendance Manager” is open source software. The following people have contributed to this plugin.

Contributors

*    tnomi

**0.6.0**

*   Fixed a link error with the shortcode \[attmgr\_daily\] when business hours exceed midnight.

**0.5.9**

*   Fixed a shortcode error when editing with the block editor.

**0.5.8**

*   Fixed cURL timeout issue.

**0.5.7**

*   Fixed a vulnerability issue.

**0.5.6**

*   ‘Screen\_icon’ on the admin-page has been deleted. And fixed some PHP ‘Notice’.

**0.5.5**

*   Fixed some notices and warnings displayed in “WP\_DEBUG” mode has been corrected.

**0.5.4**

*   Bug fix in calendar navi.

**0.5.3**

*   Shortcode ‘\[attmgr\_today\_work id=”xx”\]’ is added.
*   The opening hours during midnight will be regarded as “Today”.
*   Bug fix in calendar.

**0.5.2**

*   The link of each staff can be given by “Edit User: Website(user\_url)”.
*   An option to use the user avatar on a staff’s portrait was added.

**0.5.1**

*   An “action” URL of the “Settings” form was changed.
*   Action hook “parse\_request” was changed to “template\_redirect”.
*   These functions were changed, ATTMGR::current\_page(), ATTMGR::current\_user(), ATTMGR\_Form::action(), ATTMGR\_Form::access\_control().

**0.5.0**

*   A “Date/Time Format” was added to the plugin option.  
    Several filter hook were added.
    
    *   ‘attmgr\_date\_format’
    *   ‘attmgr\_month\_format’
    *   ‘attmgr\_time\_format’
    *   ‘attmgr\_time\_format\_editor’
*   The schedule table name is given from a filter.
    
    *   ‘attmgr\_schedule\_table\_name’
*   Several filter hook parameter were changed.
    
    *   ‘attmgr\_shortcode\_staff\_scheduler’
    *   ‘attmgr\_shortcode\_admin\_scheduler’
    *   ‘attmgr\_shortcode\_daily’
    *   ‘attmgr\_shortcode\_weekly’
    *   ‘attmgr\_shortcode\_weekly\_all’
    *   ‘attmgr\_shortcode\_monthly\_all’
*   Bug fix about submit processing in the scheduler.
    
*   Dutch translation (by Kleijheeg-san) was added.
    

**0.4.5**

*   Parameter “guide” was added to short code [attmgr_daily].  
    usage: [attmgr_daily guide="week"]  
    In this case, the link to each date in a week is shown.  
    The value of parameter “guide” are “week” or “1week”.  
    In a case of “1week”, the link to next week and previous week are not shown.  
    Parameter “guide” may omit. If “guide” is omitted, the link to each date is not shown.
    
*   Parameter “past” was added to short code [attmgr_daily] and [attmgr_weekly_all] and [attmgr_monthly_all].  
    usage(1): [attmgr_daily guide="week" past="0"]  
    usage(2): [attmgr_weekly_all past="0"]  
    In this case, the link to the past is not shown.  
    Parameter “past” may omit, and default value of “past” is “true”.
    
*   “font-size” in the of schedule table was changed.(front.css)
    

**0.4.4**

*   Parameter “hide” was added to short code [attmgr_weekly].  
    usage: [attmgr_weekly id="xx" hide="1"]  
    In this case, it doesn’t show anything.  
    Parameter “hide” may omit, and default value of “hide” is “false”.

**0.4.3**

*   Bug fix.
*   Some filters were added.
*   Media query is added to “front.css”.

**0.4.2**

*   Some filters were added.

**0.4.1**

*   Bug fix in “Monthly schedule”.

**0.4.0**

*   When time table is up to the next day like “23:00~08:00”, the schedule which continues from the previous day is displayed in “Today’s staff” until end time. (In this case, It is until 8:00.)
    
*   Time selection of a scheduler is helped.  
    When the start time was chosen, standard end time is chosen automatically.  
    And, the choices of end time are limited to time which is later from the start time.  
    If start time which is later from the end time is chosen, end time would be reset.
    

**0.3.1**

*   Bug fix.

**0.3.0**

*   Some style classes were added.
*   Bug fix.

**0.2.0**

*   first release.

CVE-2019-5970: Attendance Manager

Cross-site scripting vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published:2019/06/10  Last Updated:2019/06/10

**Overview**

WordPress Plugin "Online Lesson Booking" provided by SUKIMALAB.COM contains multiple vulnerabilities.

**Products Affected**

*   Online Lesson Booking 0.8.6 and earlier

**Description**

WordPress Plugin "Online Lesson Booking" provided by SUKIMALAB.COM contains multiple vulnerabilities listed below.

*   **Stored cross-site scripting vulnerability (CWE-79)** - CVE-2019-5972
    
    CVSS v3
    
    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    
    **Base Score: 6.1**
    
    CVSS v2
    
    AV:N/AC:H/Au:N/C:N/I:P/A:N
    
    **Base Score: 2.6**
    
*   **Cross-site request forgery vulnerability (CWE-352)** - CVE-2019-5973
    
    CVSS v3
    
    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
    
    **Base Score: 4.3**
    
    CVSS v2
    
    AV:N/AC:H/Au:N/C:N/I:P/A:N
    
    **Base Score: 2.6**
    

**Impact**

*   An arbitrary script may be executed on the web browser of the user with the administrative privilege. - CVE-2019-5972
*   If a user with the administrative privilege views a malicious page while logged in, unintended operations may be performed. - CVE-2019-5973

**Solution**

**Update the plugin**  
Update the plugin according to the information provided by the developer.

**Vendor Status**

**References**

**JPCERT/CC Addendum**

**Vulnerability Analysis by JPCERT/CC**

**Credit**

Natsumi Matsuoka of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported these vulnerabilities to the developer and coordinated on her own.  
After coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer for the publication under Information Security Early Warning Partnership.

**Other Information**

CVE-2019-5972: Multiple vulnerabilities in WordPress Plugin "Online Lesson Booking"

Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

WOOHero is just a great WooCommerce extension to customize any store. Like change button text/labels, add contents and much more. WOOHero is compatible with all WooCommerce themes.  
No coding experience requires to change button text/label, add new contents inside WooCommerce core pages. WOOHero nice and simple  
settings will handle all for you. Following details and screenshots explaining all powerful feature of WOOHero.

**Getting Started Video**

**Customize/Change Text**

1.  Add to cart (Single product)
2.  Add to cart (Shop/Loop)
3.  Out of stock (Single product)
4.  View product (Grouped product – Shop/Loop)
5.  Select options (Variable products – Shop/Loop)
6.  Buy product (External product – Shop/Loop)
7.  Place order (Checkout page)

**Customize WooCommerce Core Pages**

1.  Before cart table
2.  Before cart contents
3.  Cart contents
4.  After cart contents
5.  After cart table
6.  After cart
7.  Proceed to checkout
8.  Cart coupon
9.  After cart totals
10.  Before cart totals
11.  Cart is empty
12.  Before mini cart (cart in widget)
13.  Widget shopping cart before buttons
14.  After mini cart
15.  Cart totals before shipping
16.  Cart totals after shipping
17.  Cart totals before order total
18.  Cart totals after order total
19.  Before shipping calculator
20.  After shipping calculator

**WooCommerce Actions/Hooks**

WOOHero using Woocommerce core hooks/actions to customize, zero coding requires. Just install and use.  
Details Here

**WOOHero PRO Features**

WOOHero PRO has more powerful feature and control to customize your store like:

*   **Customize Shop/Store page**
*   **Customize Product page**
*   **Customize My account page**
*   **Customize Checkout page**
*   **Customize Thanks page**
*   **Customize Change button titles (add to cart etc)**
*   **Customize Product Page**
*   **Disable Related Products**
*   **Customize Related Products**
*   **Add Unlimited Product Tabs**
*   **Enquiry/Get a Quote Form for Product**
*   **Front-end editor to add/edit contents**

**Change Any Text**

Another a cool feature of WOOHero PRO version is that you can change Any text from entire site. Like if you want to change ‘Billing Address’ text on checkout  
page, you can do this with WOOHero PRO.

Get Pro Version

1.  Upload plugin directory to the /wp-content/plugins/ directory
2.  Activate the plugin through the ‘Plugins’ menu in WordPress
3.  After activation, you can set options from WooCommerce -> WooHero menu

**DO I need to make changes in file?**

No

**How to access settings**

In Dashboard, you will menu title WooCommerce -> WooHero

**Will this work with my Theme?**

Yes, it is compatible with all themes.

I used it just now and it’s great! In fact, it’s super powerful for being free.

Plugin functionality and working is awesome. The only suggestion is you just need to improve its backend style and usage directions. It shouldn't have a separate menu it should be somewhere in woo-commerce settings.

Great. I can change text almost anywhere in WooCommerce 🙂 Good for non technical users.

Read all 10 reviews

“WooHero WooCommerce Store Customizer” is open source software. The following people have contributed to this plugin.

Contributors

*    N-Media

**3.4 January 19, 2022**

*   Tweaks: WC latest version check

**3.3 September 19, 2021**

*   WC latest version updated
*   Bug fixed: Product tabs HTML issue fixed

**3.2 June 19, 2020**

*   Feature: It will display a Button on Cart page to remove all Cart Items.
*   Feature: It will hide content on the product page and add to cart button. Just show the login form

**3.1 Jan 11, 2020**

*   Bug fixed: Change Any Text

**3.0 Nov 17, 2019**

*   Feature: Re-arranged settings tabs
*   Feature: Front-end editor to add/edit contents
*   Feature: Disable/Enable related products, set column size
*   Feature: Products limit and columns size in Shop page.
*   Feature: More actions added to on checkout page.
*   Feature: Compatibility check with latest WooCommerce, PHP and WordPress

**2.5 June 3, 2019**

*   Bug fixed: Some security related issue fixed

**2.4 October 23, 2018**

*   Bug fixed: Settings saving issue in php version 7+ fixed.

**2.3 July 28, 2018**

*   Bug fixed: Menu moved under WooCommerce Manin Menu

**2.2 July 21, 2018**

*   Bug fixed: Menu not shown due to some other plugin conflict, it’s fixed now

**2.1 July 14, 2018**

*   Bug fixed: Warnings removed
*   Compatibility check with WooCommerce

**2.0**

*   WooCommerce 3.0 compatible issue fixed.

**1.2**

*   Some minor changes made in options page.

**1.1****Following button title/labels can be change**

*   Add to cart (Single product)
*   Add to cart (Shop/Loop)
*   Out of stock (Single product)
*   View product (Grouped product – Shop/Loop)
*   Select options (Variable products – Shop/Loop)
*   Buy product (External product – Shop/Loop)
*   Place order (Checkout page)

**1.0**

*   It is first version, and working perfectly

CVE-2019-5979: WooHero WooCommerce Store Customizer

Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

Professional real-time CSS editor for those who want to code CSS.

**Key Features**

*   professional CSS Editor.
*   Real-time live preview.
*   Simple UI.

*   Live Custom CSS Editor
    

Install Custom CSS Pro just as you would any other WP Plugin:

*   Download Custom CSS Pro from WordPress.org.
*   Unzip the .zip file.
*   Upload the Plugin folder (custom-css-pro/) to the wp-content/plugins folder.
*   Go to Plugins Admin Panel and find the newly uploaded Plugin, “Custom CSS Pro” in the list.
*   Click Activate Plugin to activate it.
*   Begin using the plugin by going to Settings > Custom CSS in the Admin Menu.

I searched a long time and this plugin is the best! It has a nice user interface and most important it shows CSS mistakes! I found with this Plugin why my CSS before was not working.

Поменять стили настолько просто, что особо и добавить больше нечего. Особо полезен этот плагин для начинающих разработчиков.

Absolutely love this; one note; sometimes after saving the changes and go back to change say one character or a line, it doesn't popular "save changes". Maybe a small bug? In either case, I use the plug-in for every WP site I run and can't live without it. No more going through different theme menu's just to edit the CSS!

This is the kind of plugin you'd easily donate $10 for because it's so useful. Much thanks to WASP Themes (creators of the Yellow Pencil plugin) for offering such a lightweight and useful tool for nothing. If you use custom css to regularly style elements like I do, there's nothing quite like being able to preview those live changes in the window while you code. I've been using this for about 16 months, I use it on over 10 different wordpress installs to cleanly and effectively make simple color changes, add padding, etc.

Can see CSS changes live!

Read all 14 reviews

“Custom CSS Pro” is open source software. The following people have contributed to this plugin.

Contributors

*    YellowPencil

**1.0.7**

*   fixed a minor javascript bug.

**1.0.6**

*   Editor loading bug fixed.
*   Bug fixes on surfing on the website while CSS editor active.

**1.0.5**

*   Any more you can coding while surfing on your website.
*   CSS Editor’s core functions updated.

**1.0.4**

*   Added nonce to saving action
*   Sanitizing CSS data

**1.0.3**

*   A minor bug fixed

**1.0.2**

*   CSS @import bug fixed.

**1.0.1**

*   A minor bug fixed

**1.0**

*   Initial Release

CVE-2019-5984: Custom CSS Pro

Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Published:2019/06/24  Last Updated:2019/06/24

**Overview**

WordPress Plugin ”HTML5 Maps” contains a cross-site request forgery vulnerability.

**Products Affected**

*   HTML5 Maps 1.6.5.6 and earlier

**Description**

WordPress Plugin ”HTML5 Maps” provided by Fla-Shop.com contains a cross-site request forgery vulnerability (CWE-352).

**Impact**

If a user views a malicious page while logged in, unintended operations may be performed.

**Solution**

**Update the plugin**  
Update the plugin according to the information provided by the developer.

**Vendor Status**

**References**

**JPCERT/CC Addendum**

**Vulnerability Analysis by JPCERT/CC**

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector(AV)

Physical (P)

Local (L)

Adjacent (A)

Network (N)

Attack Complexity(AC)

High (H)

Low (L)

Privileges Required(PR)

High (H)

Low (L)

None (N)

User Interaction(UI)

Required (R)

None (N)

Scope(S)

Unchanged (U)

Changed (C)

Confidentiality Impact(C)

None (N)

Low (L)

High (H)

Integrity Impact(I)

None (N)

Low (L)

High (H)

Availability Impact(A)

None (N)

Low (L)

High (H)

CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N

Access Vector(AV)

Local (L)

Adjacent Network (A)

Network (N)

Access Complexity(AC)

High (H)

Medium (M)

Low (L)

Authentication(Au)

Multiple (M)

Single (S)

None (N)

Confidentiality Impact(C)

None (N)

Partial (P)

Complete (C)

Integrity Impact(I)

None (N)

Partial (P)

Complete (C)

Availability Impact(A)

None (N)

Partial (P)

Complete (C)

**Credit**

Daisuke Shimizu of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported this vulnerability to the developer and coordinated on his own.  
After coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer for the publication under Information Security Early Warning Partnership.

**Other Information**

Tag

#wordpress