Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

If you aren’t building an email list, you’re missing out on the most powerful and consistent way to drive repeat visitors and customers to your website or blog. With an email list, you become less and less dependent on external sources of traffic, and gain more ability to interact with your blog’s audience.

We at MyThemeShop understand your need, and have developed a unique, cleanly coded, premium subscription plugin. We are now distributing it for FREE to give back to the WordPress community. We have been given so much by the WordPress community, it’s time to give back.

**WP Subscribe** is the only plugin you need to get the perfect subscription forms on your website. With optimized code, it loads before you can even blink your eye. If you’re a website owner, you can make a lot more money than regular blogs, which is why so many marketers focus on creating email lists. With the WP Subscribe plugin, you can do it in a simple yet effective way. Install the plugin, configure the widget and convert visitors into loyal email subscribers.

**Live demos:**

See the WP Subscribe Plugin in action on our demo page: http://demo.mythemeshop.com/sociallyviral/

**Why choose WP Subscribe from MyThemeShop:**

*   It’s the only free all-in-one plugin which offers Aweber, Mailchimp and FeedBurner.
*   Choose between Mailchimp, Aweber or FeedBurner.
*   Options to change text showing in subscription box.
*   Fully responsive.
*   Can be easily customized using custom CSS.
*   Can be used more than once in different sidebars.
*   Super lightweight.
*   Compatible with caching and SEO plugins.
*   Eye-catching design.
*   Position it anywhere where a widget is configured in your theme.

**Support**

All support for this plugin is provided through our forums. If you have not registered yet, you can do so here for **FREE**  
https://mythemeshop.com/#signup

If after checking our Free WordPress video tutorials here:  
https://mythemeshop.com/wordpress-101/  
&  
https://community.mythemeshop.com/tutorials/category/2-free-video-tutorials/

you are still stuck, please feel free to open a new thread, and a member of our support team will be happy to help.

Support link:  
https://community.mythemeshop.com/forum/11-free-plugin-support/

**Help to make it better**

MyThemeShop is a premium WordPress theme provider, and we develop premium plugins in our free time and distribute them for free to give back to the community. Though we take a lot of care while developing anything, we might have missed something useful or important. Please help us make it better by submitting your bug/suggestions/feedback on GitHub.

GitHub link: https://github.com/MyThemeShop/WP-Subscribe/

**Feedback**

If you like this plugin, then please leave us a good rating and review.  
Consider following us on Google+, Twitter, and Facebook

This section describes how to install the plugin and get it working.

1.  Upload the wp-subscribe folder to the to the /wp-content/plugins/ directory
2.  Activate the plugin through the ‘Plugins’ menu in WordPress
3.  You can see **WP Subscribe** widget in widgets section.
4.  Add it in sidebar and footer and configure as you want.
5.  Enjoy!

**Plugin is not working**

Please disable all plugins and check if plugin is working properly. Then you can enable all plugins one by one to find out which plugin is conflicting with WP Subscribe.

Plugin doesnt work anymore on the newest versions of Wordpress. It's a pity, it was a great plugin!

Simple and works, thanks.

Support 0, the plugin removal working only direct na manual from wp folder !

Plugin works great, and the support team is AWESOME! They helped me customize the plugin for two of my websites.

It needs ID from feedburner, mailchip, aweber. If you don't use them, it wont work. Ability to use my hosting service wiill be good. Bacause my website gets very few hits. I cannot afford to use others services. It is better if the plugin is self contained rather than depending on others to deliver emails.

Read all 25 reviews

“WP Subscribe” is open source software. The following people have contributed to this plugin.

Contributors

*    MyThemeShop

**1.2.12**

*   Improved form accessibility

**1.2.11**

*   Added validation for name and email fields

**1.2.10**

*   Changed admin notices

**1.2.9**

*   Updated admin notices

**1.2.8**

*   Added consent field

**1.2.7**

*   Fixed SVN issue

**1.2.6**

*   Fixed PHP notices

**1.2.5**

*   Fixed aweber list issue

**1.2.4**

*   Fixed aweber issues

**1.2.3**

*   Fixed some CSS issues

**1.2.2**

*   Fixed some javascript issues
*   Fixed some credentials in Aweber
*   Improve Mailchimp class
*   Remove notices and warnings on some places
*   Change the behavior of saving mailing service lists

**1.2.1**

*   Provided backward compatibility for CSS
*   Provided backward compatibility for Scoped CSS
*   Remove magnific popup classes from inline form
*   Add loader when submitting form
*   Fixed inline form responsiveness
*   Minify the CSS File

**1.2.0**

*   Whole plugin is re-written in OOP
*   Huge performance Improvements
*   Moved JS and CSS folders inside assets folder
*   Enhanced: Functions are more organized in wps-helpers and wps-functions-options file.
*   Fixed: Missing and in-correct textdomain

**1.1.4**

*   Changed AWeber form URL to HTTPS

**1.1.3**

*   Added option to enable name field
*   Added MyThemeShop tab in “Add Plugins” page

**1.1.2**

*   Removed nonce from frontend

**1.1.0**

*   Replaced Feedburner HTTP link with HTTPS

**1.0.9**

*   Fixed spelling mistake in Pro Notification

**1.0.8**

*   Fixed translation and text domain issue

**1.0.7**

*   Fixed notification closing issue

**1.0.6**

*   Switched to PHP 5 style constructor method for the widget class

**1.0.5**

*   Improvement – input placeholder text hides on click.

**1.0.4**

*   Fixed AWeber signup issue

**1.0.3**

*   Fixed add\_query\_arg vulnerability

**1.0.2**

*   Added double opt-in possibility for Mailchimp

**1.0.1**

*   Fixed Title field saving issue in newly added widget
*   Fixed compatibility with other plugins using Mailchimp API

**1.0**

*   Official plugin release.

CVE-2021-36844: WP Subscribe

The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections

CVE-2022-0783

The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action.

CVE-2022-1282

The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.

File:

  

*   photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php (2 diffs)

**Legend:**

Unmodified

Added

Removed

*   **photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php**
    
    r2587758
    
    r2706797
    
     
    
    43
    
    43
    
          $bwg\_filter\_tag\_temp = WDWLibrary::get('filter\_tag\_' . $bwg, 0);
    
    44
    
    44
    
          if ( !empty($bwg\_filter\_tag\_temp) ) {
    
    45
    
     
    
            $filter\_tags = explode(",", $bwg\_filter\_tag\_temp);
    
     
    
    45
    
            $filter\_tags = array\_map('intval', explode(",", $bwg\_filter\_tag\_temp));
    
    46
    
    46
    
          }
    
    47
    
    47
    
        }
    
    48
    
    48
    
        else {
    
    49
    
     
    
          $filter\_tags = explode(",", $bwg\_filter\_tag\_temp);
    
     
    
    49
    
          $filter\_tags = array\_map('intval', explode(",", $bwg\_filter\_tag\_temp));
    
    50
    
    50
    
        }
    
    51
    
    51
    
    …
    
    …
    
     
    
    111
    
    111
    
              $join .= ' LEFT JOIN (SELECT GROUP\_CONCAT(tag\_id order by tag\_id SEPARATOR ",") AS tags\_combined, image\_id FROM  ' . $wpdb->prefix . 'bwg\_image\_tag GROUP BY image\_id) AS tags ON image.id=tags.image\_id';
    
    112
    
    112
    
          }
    
    113
    
     
    
          $where .= ' AND CONCAT(",", tags.tags\_combined, ",") REGEXP ",(' . implode($compare\_sign, $filter\_tags) . ')," ';
    
     
    
    113
    
          $where .= ' AND CONCAT(",", tags.tags\_combined, ",") REGEXP ",( %s )," ';
    
     
    
    114
    
          $prepareArgs\[\] = implode($compare\_sign, $filter\_tags);
    
    114
    
    115
    
        }
    
    115
    
    116
    

**Note:** See TracChangeset for help on using the changeset viewer.

CVE-2022-1281: Diff [2587758:2706797] for photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php – WordPress Plugin Repository

Ubuntu Security Notice 5382-2 - USN-5382-1 fixed a vulnerability in libinput. This update provides the corresponding updates for Ubuntu 22.04 LTS. Albin Eldstål-Ahrens and Lukas Lamster discovered libinput did not properly handle input devices with specially crafted names. A local attacker with physical access could use this to cause libinput to crash or expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-5382-2  
May 02, 2022

libinput vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

libinput could be made to crash or expose sensitive information.

Software Description:  
- libinput: Input device management and event handling library

Details:

USN-5382-1 fixed a vulnerability in libinput. This update provides the  
corresponding updates for Ubuntu 22.04 LTS.

Original advisory details:

 Albin Eldstål-Ahrens and Lukas Lamster discovered libinput did not properly  
 handle input devices with specially crafted names. A local attacker with  
 physical access could use this to cause libinput to crash or expose  
 sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
  libinput10                      1.20.0-1ubuntu0.1

After a standard system update you need to log out of all desktop sessions  
and then log back in to make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-5382-2  
  https://ubuntu.com/security/notices/USN-5382-1  
  CVE-2022-1215

Package Information:  
  https://launchpad.net/ubuntu/+source/libinput/1.20.0-1ubuntu0.1

Ubuntu Security Notice USN-5382-2

Breaches can happen to anyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. (Part 1 of a series.)

Wise security professionals understand that threat actors aren't sitting still, and they aren't playing by the same rules as old-school groups. Lapsus$, for example, is gaining notoriety for its unpredictable behavior, using tactics like extortion and bribing insiders for initial access. It has left even the most experienced security pros scratching their heads.

When you find your organization has been breached, will you be scrambling to figure out your security incident response and remediation plan when your team can't think straight, or will your response be as simple as muscle memory? To minimize the damage done when a security incident occurs, it's important to look inward.

**Keep a Tight Ship  
**I would never dare promise to "eliminate cyber threats," but I can provide strong recommendations to improve internal security. Analyzing some of the latest Lapsus$ victims, we can learn a few things.

First, **_credential security is imperative._** Sooner or later, a threat actor will compromise credentials in your organization. It's not realistic for a business to expect all employees to refuse extortion attempts at all costs. Understanding this reality turns the impossible task into a practical solution.

Security teams should shift their focus from purely _preventing_ credential compromise to _tracking_ user behavior so that anomalies can be quickly identified and acted upon.

Lastly, when discussing the Lapsus$ incidents and others like them that are using extortion and bribery to initiate entry, we must discuss the importance of cybersecurity awareness and insider threat training. Many organizations have put some level of end-user security training into practice. But clearly, that isn't enough to stop novel threat groups from breaching the last line of defense.

**Managing Third-Party Companies  
**Organizations can't prepare their own privacy and security practices in a vacuum — we all depend on a large network of products and services to do our jobs.

Repeat after me: _Anyone (or any organization) could easily be a victim of a third-party incident._

If you were to assess the privileges of each of your third-party solutions, would you be proud of what you found? Chances are, there are weak spots in access protocols. Your third-party solutions likely have access to things they shouldn't. Your contractual agreements probably aren't bulletproof either.

While it's important to factor in the balance of manageable risk with return on investment, it's also essential to foster a collaborative yet vigilant relationship with all of your external parties. It's about defining a clear contract with vendors that involves security early on, focusing on shared responsibilities for security, good architecture, and timely communication.

**Check on Cybersecurity Checklists  
**Creating a cybersecurity checklist should be a requirement to do business with any third party. The checklist should include (but is not limited to): thoroughly vetting vendors' privacy and security standards; adding terms and conditions within your contract to address what would happen in the case of an outage and the costs each party would incur; and contingency plans for employees who may depend on technology or software solutions to do their jobs. Take a similar approach whenever your organization is involved in any type of M&A activity, as the risks apply to those scenarios as well.

There will always be risks associated with third-party solutions, but living in a bubble isn't realistic. Managing this risk by having visibility and security capabilities across the entire security incident response life cycle must be the endgame.

**Communicating Gaps  
**Organizations experiencing a security incident must not hide behind a third party and shouldn't blame their employees. They also must not allow lawyers to create smokescreens around what happened. This helps no one in the long term and only saves face until it doesn't anymore.

Communication around current vulnerabilities and threats is constantly flowing in healthy, well-prepared organizations. As a security practitioner, you should be proactive in how you communicate with leadership. It's extremely effective to manage up by sending a notice to leadership about a new breach or vulnerability with your insight added. Security analysts can offer value by proactively showing that they've already checked "XYZ" and that they're running automated queries for indicators of compromise, etc. They can forward that to their CISO for that person to share upward. CISO/SOC leadership can then take action to fill that gap.

Additionally, when a security incident occurs, security analysts should feel comfortable saying "we didn't have the capabilities to identify this incident." Effective operations require reflection on your own security incidents and thought experiments with other shared problems in the security community. Be honest and document everything. From there, they can use these proof points to work with leadership and fill in the gaps.

**Culture Is Key  
**No one with a straight face can deny the importance of security culture when it comes to keeping a tight ship, managing third-party security, and mastering internal communication. Culture weaves through it all. Motivated employees with excellent support from their team members and leadership are less likely to make errors and are also less likely to turn around and give information to a cybercriminal when faced with the temptation of shiny rewards or, worse, revenge.

Fostering a culture of open communication (as opposed to fear of making a mistake) will help your security analysts feel like they can talk to leadership about what gaps need to be filled to properly do their jobs and minimize the impact of future breaches.

Security incidents will happen to everyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. Many companies are overwhelmed with just the thought of a breach happening — imagine how they panic when a breach actually occurs.

_Stay tuned for Part 2 later this week, which will provide advice on handling the public's response after an incident._

Security Stuff Happens: What Do You Do When It Hits the Fan?

The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This can allow an attacker to add/modify properties of the Object.prototype leading to prototype pollution vulnerability. **Note:** This vulnerability can occur in multiple ways, for example when modifying a collection with untrusted user input.

Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as _proto_, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.

There are two main ways in which the pollution of prototypes occurs:

*   Unsafe Object recursive merge
    
*   Property definition by path
    

**Unsafe Object recursive merge**

The logic of a vulnerable recursive merge function follows the following high-level model:

    merge (target, source)
    
      foreach property of source
    if property exists and is an object on both the target and the source
    
      merge(target[property], source[property])
    
    else
    
      target[property] = source[property]
    
    

When the source object contains a property named _proto_ defined with Object.defineProperty() , the condition that checks if the property exists and is an object on both the target and the source passes and the merge recurses with the target, being the prototype of Object and the source of Object as defined by the attacker. Properties are then copied on the Object prototype.

Clone operations are a special sub-class of unsafe recursive merges, which occur when a recursive merge is conducted on an empty object: merge({},source).

lodash and Hoek are examples of libraries susceptible to recursive merge attacks.

**Property definition by path**

There are a few JavaScript libraries that use an API to define property values on an object based on a given path. The function that is generally affected contains this signature: theFunction(object, path, value)

If the attacker can control the value of “path”, they can set this value to _proto_.myValue. myValue is then assigned to the prototype of the class of the object.

CVE-2022-21189: Prototype Pollution in dexie | CVE-2022-21189 | Snyk

Your Microsoft computer comes with built-in safety software that shields you from the worst threats. Here's how to navigate your toolkit.

For many years, Windows users had to rely on a third-party security tool to keep viruses and malware at bay, but now Microsoft's operating system comes with its own package, in the form of Windows Security.

It's designed to run quietly and efficiently in the background, and you might not have even noticed it's there—but it's important to know how it's keeping your computer safe, and the various options it gives you.

While you can add extra security software to Windows if you want, Windows Security should keep you well protected from danger. You can open it from the Start menu or by clicking its icon in the notification area.

Finding Your Way Around

Windows Security gives you an overview of your system's status.

Microsoft via David Nield

Open the main Windows Security dashboard and you should see a grid of icons, all with reassuring green check marks next to them—if something needs your attention, these check marks will be replaced by yellow exclamation marks. You can click on any of the items on the grid, from **Virus & threat protection** to **Protection history**, to jump to the relevant section inside the app.

The navigation pane on the left gives you another way of jumping between the various parts of Windows Security: The **Home** option is the one to go back to if you need to return to the main dashboard. Choose **Account protection**, for example, for options relating to your Microsoft account and to the way you sign in to Windows on your computer (including face and fingerprint recognition, if available).

**Firewall & network protection** is where you can monitor the firewall put up around Windows, for devices on your local network and in terms of the wider internet. If you decide to install a third-party security package, Windows Security can monitor this too and make sure everything is working correctly—if no firewall is active, you'll see an on-screen warning.

Choose **Settings** from the left-hand navigation bar to customize various aspects of Windows Security: These are mainly around the notifications the program displays, and any third-party security software you've installed. You're also able to click **Protection history** here to see what Windows Security has been up to recently, whether that's virus scans or alerts about security problems.

Running Virus and Malware Scans

Windows Security runs scans in the background while you use your device.

Microsoft via David Nield

In terms of actively keeping your computer safe and protected from threats, the **Virus & threat protection** section of Windows Security is the place to visit. As with the rest of the software, most of the features here will run in the background, but it's good to be aware of what's available and what you can do if you spot anything suspicious.

Click **Quick scan** if you suspect your computer may have been compromised—if you've downloaded and launched an email attachment you shouldn't have, for example. Quick Scan will look out for the most obvious threats and malware on your system and shouldn't take long to complete. You'll be able to see the progress of the scan as it runs, and you can keep working on your computer while it's scanning.

Select **Scan options** to run other types of scans. There's a **Full scan** option, which is more comprehensive than a quick scan and can take over an hour to complete, while a **Custom scan** enables you to focus a scan on specific folders if you think you know where a particular threat might be located. Finally, you'll see an **Offline scan** option that takes around 15 minutes and can remove the most stubborn types of malware.

You don't need to worry about setting a schedule for running virus and malware scans because Windows Security will take care of all of this for you. Click **Manage settings** under **Virus & threat protection settings** to make sure the **Real-time protection** option is turned on: This ensures the program is actively working in the background to spot security threats before they can do any damage to your system.

Other Windows Security Features

Windows Security looks after device maintenance too.

Microsoft via David Nield

If you pick **App & browser control** from the navigation pane on the left of Windows Security, you can have the software scan any applications you download and install: Windows Security considers a variety of factors when assessing whether a program is allowed to run on your computer, and you can customize some of this functionality here.

Select **Device security** to get to some of the more advanced security settings for your system. If your computer supports technologies like secure boot (checking for threats as your system starts up) and a trusted platform module (making it very difficult to tamper with the data on your system), you'll see them here. There are no settings to work through, but you can see if the features are present and working properly.

Then there's the **Device performance & health** page, which shows how Windows Security goes beyond actual security. Here you can see reports on the internal storage and battery of the device you're running Windows on and access what Microsoft calls a **Fresh start** process—this resets a lot of the settings on your system without affecting any of your files or the applications you've installed.

The **Family options** screen will be useful if you've got youngsters using Windows: You can set parental controls covering everything from the times the device can be used to what sort of content can be accessed. This works in tandem with the Microsoft Family Safety tools that you can access through your browser and that can cover multiple devices using the same Microsoft account.

More Great WIRED Stories

*   📩 The latest on tech, science, and more: Get our newsletters!
*   The takedown of the web’s biggest child abuse site
*   Get ready for a decade of uranus jokes
*   How to use BeReal, the “unfiltered” social media app
*   Should all video games be replayable?
*   The fake agents case baffling US intelligence experts
*   👁️ Explore AI like never before with our new database
*   📱 Torn between the latest phones? Never fear—check out our iPhone buying guide and favorite Android phones

How to Use Windows Security to Keep Your PC Protected

ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition.

Tag

#perl