The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file.

Timestamp:

06/02/2022 05:24:20 AM (3 weeks ago)

codename065

Message:

**3.2.43 - 2022.06.02**

*   Fixed an input sanitization issue with shortcode iframe

Location:

download-manager/trunk

Files:

  

*   download-manager.php (1 diff)
*   readme.txt (2 diffs)
*   src/Package/views/shortcode-iframe.php (1 diff)

**Legend:**

Unmodified

Added

Removed

*   **download-manager/trunk/download-manager.php**
    
    r2734406
    
    r2736071
    
     
    
    6
    
    6
    
    Author: W3 Eden, Inc.
    
    7
    
    7
    
    Author URI: https://www.wpdownloadmanager.com/
    
    8
    
     
    
    Version: 3.2.42
    
     
    
    8
    
    Version: 3.2.43
    
    9
    
    9
    
    Text Domain: download-manager
    
    10
    
    10
    
    Domain Path: /languages
    
*   **download-manager/trunk/readme.txt**
    
    r2734406
    
    r2736071
    
     
    
    6
    
    6
    
    Tested up to: 6.0
    
    7
    
    7
    
    License: GPLv2 or later
    
    8
    
     
    
    Stable tag: 3.2.42
    
     
    
    8
    
    Stable tag: 3.2.43
    
    9
    
    9
    
    10
    
    10
    
    …
    
    …
    
     
    
    182
    
    182
    
    \== Changelog ==
    
    183
    
    183
    
     
    
    184
    
    \= 3.2.43 - 2022.06.02 =
    
     
    
    185
    
    \* Fixed an input sanitization issue with shortcode iframe
    
     
    
    186
    
    184
    
    187
    
    \= 3.2.42 - 2022.05.31 =
    
    185
    
    188
    
    \* Compatibility update for WordPress 6.0
    
*   **download-manager/trunk/src/Package/views/shortcode-iframe.php**
    
    r2648567
    
    r2736071
    
     
    
    216
    
    216
    
            });
    
    217
    
    217
    
    218
    
     
    
    219
    
     
    
            //window.parent.document.wpdm\_adjust\_frame\_height("<?php echo $\_REQUEST\['frameid'\]; ?>", $(document).height());
    
    220
    
     
    
            //window.parent.document.getElementById("<?php echo $\_REQUEST\['frameid'\]; ?>").style.height = $(document).height()+"px";
    
    221
    
     
    
            //window.parent.document.getElementById("<?php echo $\_REQUEST\['frameid'\]; ?>").height = $(document).height()+"px";
    
    222
    
     
    
    223
    
     
    
    224
    
    218
    
        });
    
    225
    
    219
    

**Note:** See TracChangeset for help on using the changeset viewer.

CVE-2022-1985: Changeset 2736071 for download-manager – WordPress Plugin Repository

The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2022-1900: Vulnerability Advisories - Wordfence

The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

**zephyr-project-manager/trunk/readme.txt**

r2727937

r2727947

 

3

3

Contributors: dylanjkotze

4

4

Plugin URI: https://zephyr-one.com

5

 

Donate link: https://zephyr-one.com

 

5

Donate link: https://www.paypal.com/donate/?cmd=\_donations&business=dylanjkotze@gmail.com&item\_name=Zephyr+Project+Manager+Donation&currency\_code=USD&source=url

6

6

Tags: project manager, task manager, project, projects, task, tasks, files, discussions, collaboration, pm, zephyr, modern project, management, orginization, zpm

7

7

Requires at least: 3.2

…

…

 

152

152

153

153

\== Changelog ==

 

154

\= 3.2.41 =

 

155

\* Tested with WP 6.0

 

156

\* Fixed security issue

154

157

155

158

\= 3.2.31 =

**zephyr-project-manager/trunk/templates/help.php**

r2185267

r2727947

 

80

80

                        <div class="zpm-grid-item zpm-grid-item-3">

81

81

                            <a href="https://www.patreon.com/dylanjkotze" target="\_blank" class="zpm-material-card zpm-material-card-colored zpm-card-color-darker-blue">

82

 

                                <h4 class="zpm-card-header"><?php \_e( 'Donate and Support Me', 'zephyr-project-manager' ); ?></h4>

83

 

                                <p class="zpm-card\_\_description"><?php \_e( 'If you like the plugin and would like to support me to continue adding great new features and improvements, please consider supporting me on Patreon. It would truly mean so much to me!', 'zephyr-project-manager' ); ?></p>

 

82

                                <h4 class="zpm-card-header"><?php \_e( 'Donate and Supporting the Plugin', 'zephyr-project-manager' ); ?></h4>

 

83

                                <p class="zpm-card\_\_description"><?php \_e( 'If you like the plugin and would like to support it to continue adding great new features and improvements, please consider supporting me on Patreon or via PayPal. It would truly mean so much to me!', 'zephyr-project-manager' ); ?></p>

84

84

                            </a>

85

85

                        </div>

…

…

 

92

92

                    </div>

93

93

                </div>

94

 

 

94



108

108

109

109

                

110

110

                <?php if ( !Utillities::notice\_is\_dismissed( 'zpm-patreon-notice' ) ) : ?>

111

111

                    <div id="zpm-whats-new" class="zpm-panel zpm-panel-12" data-notice="'zpm-patreon-notice'">

112

 

                        <h4 class="zpm\_panel\_title"><?php \_e( 'Support me on Patreon', 'zephyr-project-manager' ); ?></h4>

113

 

                        <p><?php \_e( 'If you like the plugin and what I do and would like to help me improve the plugin more, please consider supporting me on Patreon. This would help a lot in being able to work on the plugin full-time and focus more on it to make it better and add new features. Thank you so much.', 'zephyr-project-manager' ); ?></p>

 

112

                        <h4 class="zpm\_panel\_title"><?php \_e( 'Support the plugin on Patreon', 'zephyr-project-manager' ); ?></h4>

 

113

                        <p><?php \_e( 'If you like the plugin and would like to help improve the plugin further, please consider supporting me on Patreon. This would help a lot in being able to work on the plugin full-time and focus more on it to make it better and add new features. Thank you so much.', 'zephyr-project-manager' ); ?></p>

114

114

                        <div class="zpm-notice-buttons">

115

115

                           

116

116

                            <button class="zpm-dismiss-notice-button zpm\_button" data-notice-version="zpm-patreon-notice"><?php \_e( 'Dismiss Notice', 'zephyr-project-manager' ); ?></button>

 

117

                            <a href="https://www.paypal.com/donate/?cmd=\_donations&business=dylanjkotze@gmail.com&item\_name=Zephyr+Project+Manager+Donation&currency\_code=USD&source=url" target="\_blank" class="zpm-patreon-button zpm\_button"><?php \_e( 'PayPal Donation', 'zephyr-project-manager' ); ?></a>

117

118

                            <a href="https://www.patreon.com/dylanjkotze" target="\_blank" class="zpm-patreon-button zpm\_button"><?php \_e( 'Support me on Patreon', 'zephyr-project-manager' ); ?></a>

118

119

                        </div>

**zephyr-project-manager/trunk/templates/parts/new\_task.php**

r2713222

r2727947

 

59

59

                </div>

60

60

            <?php else : ?>

61

 

                <input type="hidden" id="zpm\_new\_task\_project" value="<?php echo $\_GET\['project'\] ?>"/>

 

61

                <input type="hidden" id="zpm\_new\_task\_project" value="<?\= esc\_attr($\_GET\['project'\]) ?>"/>

62

62

            <?php endif; ?>

63

63

**zephyr-project-manager/trunk/templates/parts/project-single.php**

r2713383

r2727947

 

20

20

21

21

    $manager = ZephyrProjectManager();

22

 

    $project = Projects::get\_project( $\_GET\['project'\] );

 

22

    $projectId = isset($\_GET\['project'\]) ? esc\_attr($\_GET\['project'\]) : '';

 

23

    $project = Projects::get\_project($projectId);

23

24

    $base\_url =  esc\_url(admin\_url('/admin.php?page=zephyr\_project\_manager\_projects'));

24

25

    $BaseController = new BaseController;

**zephyr-project-manager/trunk/templates/parts/task-edit-modal.php**

r2185267

r2727947

 

60

60

                </div>

61

61

            <?php else : ?>

62

 

                <input type="hidden" id="zpm\_edit\_task\_project" value="<?php echo $\_GET\['project'\] ?>"/>

 

62

                <input type="hidden" id="zpm\_edit\_task\_project" value="<?\= esc\_attr($\_GET\['project'\]) ?>"/>

63

63

            <?php endif; ?>

64

64

           

**zephyr-project-manager/trunk/templates/parts/task-single.php**

r2714375

r2727947

 

22

22

    $this\_task = ($Tasks->get\_task($task\_id) !== null) ? $Tasks->get\_task($task\_id) : '';

23

23

    $projects = Projects::get\_projects();

 

24

24

25

    if (!is\_object($this\_task)) {

25

26

        ?>

…

…

 

33

34

            <div class="zpm-notice"><?php \_e( 'Sorry, you do not have access to this task.', 'zephyr-project-manager' ); ?></div>

34

35

        <?php

35

 

        return;

 

36

        exit();

36

37

    }

37

38

**zephyr-project-manager/trunk/zephyr-project-manager.php**

r2714375

r2727947

 

7

7

\* Description:  A modern project manager for WordPress to keep track of all your projects from within WordPress.

8

8

\* Plugin URI:   https://zephyr-one.com

9

 

\* Version:      3.2.40

 

9

\* Version:      3.2.41

10

10

\* Author:       Dylan James

11

11

\* License:      GPLv2 or later

CVE-2022-1822: Changeset 2727947 for zephyr-project-manager – WordPress Plugin Repository

The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected back on the page. This affects versions up to, and including, 2.3.2. Please note this issue was partially fixed in version 2.3.2 then subsequently fully patched in version 2.3.3.

**Ultimate Member <= 2.3.1 - Stored Cross-Site Scripting****Summary**

Biography component in user profile exists stored XSS vulnerability.

**Vulnerability proof**

1.Encode XSS payload by Unicode

For example:

<script>alert(1)</script>

2.Enter the encoded payload into the Biography component and save it.

3.Reload the user profile and the script is executed.

CVE-2022-1208: vulnerabilities/Ultimate Member <= 2.3.1 - Stored Cross-Site Scripting.md at main · H4de5-7/vulnerabilities

The Advanced Admin Search WordPress plugin through 1.1.2 does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting.

CVE-2022-0626

The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body

CVE-2022-0745

The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users

CVE-2022-0786

The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution.

CVE-2022-0863

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.

CVE-2022-0885

The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability.

Tag

#wordpress