Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.

Academy Lms is a marketplace script for online learning. Here students and teachers are combined together for sharing knowledge through a structured course-based system. Teachers or instructors can create an unlimited number of courses, video lessons and documents according to their expertise and students can enroll in these courses and make themselves skilled anytime and from anywhere.  
So start selling your courses by installing ACADEMY and make your online business today.  

**Quick start guide for course instructor/admin**

*   Read all our provided documentation carefully before using the software
*   Install the application following “Installation and Update” guide carefully
*   Login as site administrator to organize your system
*   At first update your System Settings and Payment Settings from Settings option of the left sidebar menu. Also, make sure to provide a valid YouTube API key and a valid Vimeo API key on System Settings.
*   If you have updated the Settings successfully, you can go to Categories option from the same left sidebar menu and create Categories.
*   After creating Category, you can create Sub-categories under a specific Category. For creating Sub-categories you can go to the Categories page, select a specific category, click on the Action dropdown menu and select Manage Sub-categories. It will take you to the Sub-categories page. Now you can simply click on “+Add Sub Category” button and fill all the required fields to create a Sub-category.
*   Now its time to create some Courses. Since a course will contain all the video lessons you have to create it carefully. Move to Courses option from the left menu, You will get a “ Add Course Form” after clicking on “+Add Course” button. Fill all the fields carefully
*   Every Course should have at least one Section. Because at the end you will have to add a lesson under a specific section of a specific course. So, now you will have to create at least one section. Move to the Courses page, select a specific course, click on the action dropdown menu and select Manage Section. After clicking on Manage Section you will get the list of Section which is empty now. You have to create one by clicking the “+Add Section” button
*   As you have created a Course and a section or multiple sections, now you will be able to create a lesson. Now, let’s move to the Course page again, select a specific course, click on the Action dropdown button, select Manage Lesson. It will also show the list of lessons that you’ve created. To add new you can just click on “+Add Lesson” button

**Quick start guide for course students**

*   Since the application has been already installed. Student can access the website by simply hitting the application URL
*   Home page will appear every time a student hits the URL. From the home page, a student can search for a specific course, get all the top courses, top ten latest courses, get category based courses. A student can sign up if he/she is not registered yet. If a student is already registered he/she can log in. Student can add courses on their Shopping Carts or add them on their Wishlists
*   Students can see the course details by simply clicking on a course thumbnail. The course details page contains all the essentials information about a course like, Title, Description, Outcomes, The prerequisites of the course, Lesson list Instructor details, and the rating and reviews. User can see a course overview here
*   If Student want to buy the course they must add those courses on their cart
*   After adding a course on Shopping cart if a student wants to see their cart items, they can to go to the Shopping Cart page by clicking on Go To Cart button, which appears on hovering over the cart icon of the header
*   Student can remove courses if they want from the shopping cart page
*   On the right side of the shopping cart page is the total price of the cart items. Under that is the Checkout button. If student want to check out they can simply click on the Checkout button and pay for those courses
*   After a successful checking out student can see their courses on the My Courses menu. The student will get the My Courses button by hovering over their profile image from the header
*   My Courses page will show all the courses which are purchased by that student. Student can play the lessons by clicking on the thumbnail from the My Courses page

**Update Log**

**Version 5.9.1 – 16 August, 2022**

\- Home page newly designed
- Footer newly designed
- Sign up URL enhanced to improve SEO
- The uploaded images are optimized automatically
- Footer link issue fix
- Auto logout issue fix

**Version 5.9 – 3 July, 2022**

\- Pagination added to the search result page
- Pagination added to the course filter page
- Search result optimised from in dept course data
- Quiz result issue fixed and experience improved

**Version 5.8 – 26 May, 2022**

\- New! limitation on account access from multiple devices
- Admin can set how many account can be accessed by a single student account
- Create any number of new pages for your course website
- Video uploading progress bar shown during lesson creation
- Quiz question type added: true-false, fill in the blanks, multiple choice, single choice
- Instructor now can view student's quiz results
- Quizzes now have timer to complete within a certain time period
- Login session time period extended
- Issue fix for blog category link access
- Smtp crypto settings now added

**Version 5.7 – 18 April, 2022**

\- Drip content feature introduced
- Student has to complete previous lesson to access the next one
- Showing learning progress in course playing page
- Publicly course access permission settings (allow/deny) from admin panel
- Message read and unread status showed in messaging page between student and instructor
- Certificate addon update: drag & drop builder
- Certificate addon update: background image changing capability
- Certificate addon update: QR code shown for certificate validation

**Version 5.6 – 17 February, 2022**

\- Api updated for student and instructor mobile app
- Show email with name when admin enroll a student
- Delete enrolment history when a course is deleted
- Blog keywords for course website SEO performance enhance
- Minor bug fixed

**Version 5.5 – 19 January, 2022**

\- Blog module introduced
- Admin & instructor can write blog posts
- 'Buy' button added in course page
- Instructor skills added
- New page for forget password
- Newly designed user interface for student account panel
- Document type lessons now have preview option
- Coupon code discount feature enhanced
- Razorpay payment gateway option for instructor payout
- Store quiz result of students
- Api updated for mobile apps
- Source code optimised and performance upgraded

**Version 5.4 – 2 November, 2021**

\- Updated with bootstrap 5
- Completely newly designed frontend website layout

**Version 5.3 – 16 September, 2021**

\- Student can continue learning from last time viewed lesson (watch history preserved)
- When purchasing a course without login, redirected to that course after login.
- The video source URL has been hidden for HTML5 video URL and Video file.
- Added language select option to instructor panel.

**Version 5.2 – 30 August, 2021**

\- New lesson type: text format
- Facebook login for students added
- Admin permission for quick action menu fixed
- Refund policy option settings added

**Version 5.1 – 4 August, 2021**

\- New lesson type: google drive
- Razorpay payment gateway comes as standard
- Free lesson preview

**Version 5.0 – 1 June, 2021**

\- Adding new admins
- Admin role permission setting
- Multi instructor in single course
- Coupon code
- Course compare feature
- Application performance improvement
- Organised Admin navigation menu
- Organised applications assets
- Documentation updated

**Version 4.7 – 8 May, 2021**

\- Responsive issue solved on the course playing page.
- Bug fixed on social sharing content.
- A new API has been added for the Instructor mobile app.

**Version 4.6 – 23 March, 2021**

\- Sub category selection fixed for mobile device screens.
- Minor bug fixes
- Performance improvement

**Version 4.5 – 9 February, 2021**

\- Ability to filter courses according to parent categories.
- Security check on installing addons.
- Course preloaded on homepage. 
- Fixed a minor bug on course completion.

**Version 4.4 – 22 December, 2020**

\- Google recaptcha introduced for enhanced account security
- Dashboard shortcut for : Add student, Enrol student, Add course, Add lesson
- Mobile API updated
- Layout updated in course detail page for mobile device responsiveness.

**Version 4.3 – 20 October, 2020**

\- Browser cache issue on image uploading has been solved.
- Ratings and reviews are now showing perfectly on mobile device.
- Server storage has been optimised by removing the previous video file while updating video type lessons.
- Stripe payment API is working fine in Academy mobile app.
- Top courses are now accessible from mobile devices.
- Latest courses are now accessible from mobile device.
- Info banner is now aligned perfectly in mobile device.

**Version 4.2 – 15 September, 2020**

\- Sending verification code instead of link on user verification email. Since sometimes mail with a link considered as suspicious.
- Keeping stripe session id and transaction id on stripe payment.        
- Enhanced the security of stripe payment.
- Total lesson count is now working fine in all dashboard.   
- Minor bug fixes and performance improvement.

**Version 4.1 – 19 August, 2020**

\- All payment gateways are included in mobile app.
- Students can purchase course inside mobile app using all available payment gateways and addons.
- Rating review posting by student random issue fix
- Version update procedure updated

**Version 4.0.1 – 6 July, 2020**

\- Stripe payment gateway updated for course purchase
- Api updated for mobile application
- Minor bug fixes

**Version 4.0 – 17 June, 2020**

\- New instructor workflow introduced
- Admin can add new instructor from admin panel
- User needs to apply to be an instructor if the admin keeps it enabled
- New dashboard and menu for instructor panel
- New sales report page for instructor
- New payout report page for instructor
- New instructor payout processing system
- The instructor now have the opportunity to request a withdrawal request
- Language switcher from frontend website
- New lesson creation layout and very user-friendly workflow
- A separate form for each type of lessons and it can be switched instantly
- Video upload option in lesson creation form with possible upload size info
- Toaster notification translation issue fixed
- Student page title issue fixed
- Lesson deletion issue while course deletion is fixed
- Multi-language helper updated
- Courses can be added to wishlist from course detail page
- User is shown an alert before removing a course from wishlist
- Outgoing email text enhanced for being marked as spam by Gmail

**Version 3.6 – 23 April, 2020**

\- Iframe embed code feature added.
- Now you can add google slide, slideshare slides and any embeddable external content.

**Version 3.5 – 8 April, 2020**

\- Minor bug fixes.

**Version 3.4 – 20 March, 2020**

\- Android API added to purchase a course from inside the student's mobile app.

**Version 3.3 – 10 March, 2020**

\- Checkout page updated

**Version 3.2.1 – 1 March, 2020**

\- Academy lms site slow speed performance fixed

**Version 3.2 – 19 February, 2020**

\- Payment system upgraded and designed from scratch
- Disabled payment gateways are now hidden from student course purchase page
- Some minor bug fixes in course, lesson management in the admin panel

**Version 3.1 – 15 January, 2020**

\- EU cookie note added with cookie policy acceptance
- Course purchase notification to instructor, admin, student
- Disabled payment method is now inactive in course purchasing cart
- Instructor list is shown in the admin panel
- API updated for mobile app course purchasing
- Enroll history report updated to current month by default
- Addon system introduced
- New addon manager for addon installation, activation or deactivation
- Certificate addon released. Buy here: https://codecanyon.net/item/x/25515213
- Documentation updated

**Version 3.0 – 12 October, 2019**

\- Android app API published
- Separate video lesson configuration for mobile app added
- Lesson player CSS fixed
- Footer text made dynamic from admin panel
- Course curriculum layout issue fixed
- Course duration value fixed
- Course title short layout enhanced

**Version 2.4 – 17 September, 2019**

\- User interface updated

**version 2.3 – 12 August, 2019**

\- Course progress feature added for students
- Students can mark / unmark a lesson as complete
- My course page shows completion percentage of every purchased course
- Video lessons can be resumed from last time watched ( applicable for .mp4 videos )

**version 2.2 – 10 July, 2019**

\- Course playing page new layout introduced. Designed and coded from scratch.
- Theme installation option added.
- Theme chooser, activation and deactivation option added.

**version 2.1 – 16 June, 2019**

\- stripe payment gateway api updated
- admin now have option to enable or disable email verification
- course purchasing cart page crash issue fixed

**version 2.0 – 10 June, 2019**

\- quiz module introduced
- MCQ question manager for course quiz
- quiz sorting option added
- new course manager layout
- course filter for admin to sort out easily
- courses and section now grouped in a single page
- brand new admin panel layout
- admin now have monthly income graph chart
- new instructor dedicated panel introduced
- category manager updated
- new course filter page added in frontend website
- courses can be filtered by category, price, level, language, rating
- filter course with list view and grid view
- all user login page unified in a single form
- new website launched for academy : http://www.academy-lms.com

**version 1.3 – March, 2019**

\* Free course enrolment opportunity
\* Confirmation email on student account register
\* Custom smtp settings for site admin
\* Stopped playing course preview on background
\* Shopping cart view updated
\* Minor bugs fixes

**version 1.2 – January, 2019**

\* Lesson file type added : text, pdf, doc, own server video
\* Description field for all course lessons
\* Video player updated and enhanced 
\* Added course title/summary to course playing page
\* Course activation notification updated.
\* Site title issue fixed
\* Seo settings for course pages
\* Added currency settings

**version 1.1 – November, 2018**  
\[ backend \]

\* Status Wise course creating.
\* Show number of courses by status on Dashboard as well as on Admin navigation menu.
\* Made managing sub-category more comprehensive on the category page.
\* Added icon picker on Category and subcategory add and edit form
\* Added an instructor filter on course table.
\* Separated Active and Pending courses status wise inside the course page.
\* Admin now has an option of “View Course on Frontend” inside course page.
\* Admin now can make a course Active as well as Pending.
\* Made Course overview URL optional while creating a course.
\* Made Course thumbnail optional while creating a course.
\* Made generating Lesson’s video duration more understandable. 
\* Added an optional Payment information field for Student. While creating and editing student. It is required for Instructors only.
\* Added Enrol a Student option. Now admin can enrol a student manually from the backend.
\* A new navigation menu “Report" has been added. 
\* Admin now can see all the revenue he got after a successful course purchasing.
\* Admin now can see all the revenue an Instructor got after a successful course purchasing.
\* Admin now can pay instructors.
\* Made Updater module functional for future updates.
\* Added two different Logo Uploader. One for backend another for Frontend.
\* Added Favicon uploader.
\* Added Instructor settings inside Settings option.
\* Fixed the “Action” Button breaking on small devices.
\* Dynamic footer text.

\[ frontend \]

\* Showing all the courses by course status. That means only Active courses are now being shown.
\* Fixed the login modal’s title.
\* Wish listed courses are now can be removed from the wish list page.
\* Already Purchased Button now redirects to My Courses page.
\* Fixed the issue of courses with no course overview URL or course thumbnail.
\* Instructor can see his course’s curriculums from the Course details page.
\* Respective instructor details of every course is showing on course details page.
\* Fixed the escape HTML tags issue on instructor Biography.
\* Added Instructor menu on the frontend navigation.
\* Creating course from the frontend.
\* Separated Active, Pending and Drafted course on instructor dashboard.
\* Instructor can see his created course details and respected course’s lessons from the frontend.
\* Instructor can make a published course to Draft course.
\* Instructor can create, update and delete sections from the frontend.
\* Serialize sections from the frontend.
\* Can Add, Update or Delete lessons from the frontend.
\* Instructor’s Payment report on the frontend.
\* Payment settings. Which is mandatory for being an Instructor.

**version 1.0 – October, 2018**

\- first version released

**Requirements**

*   Apache web server for running php
*   PHP version 7
*   Mysql database access, purchase code during installation
*   Php curl should be enabled
*   One purchase code is legal for using one domain only

**Contact support**

Send us a ticket for presale questions and getting after sales developer support via zendesk.  
http://support.creativeitem.com

CVE-2022-38553: Academy Learning Management System

The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.



@@ -1222,4 +1222,34 @@ describe("Express xss Sanitize", function () {

});

});

});

  

describe("Sanitize data with custom options as function", function () {

describe("Sanitize simple object", function () {

it("should sanitize dirty body.", function (done) {

expect(sanitize({

a: "<script>Test</script>",

b: '<p onclick="return;">Test</p>',

c: '<img src="/"/>',

}, { allowedKeys: \["c"\] })).to.eql({

a: "",

b: "<p>Test</p>",

c: '<img src="/"/>',

});

done();

});

});

  

describe("XSS bypass by using prototype pollution issue", function () {

it("should sanitize dirty data after prototype pollution.", function (done) {

// eslint-disable-next-line no-extend-native

Object.prototype.allowedTags \= \['script'\];

expect(sanitize({

a: "<script>Test</script>",

}, {})).to.eql({

a: "",

});

done();

});

});

});

});

CVE-2022-21169: fix XSS bypass by using prototype pollution issue. · AhmedAdelFahim/express-xss-sanitizer@3bf8aaa

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

**Jodit Editor vulnerable to Cross-site Scripting**

Moderate severity GitHub Reviewed Published Sep 25, 2022 • Updated Sep 27, 2022

GHSA-42hx-vrxx-5r6v: Jodit Editor vulnerable to Cross-site Scripting

**Coordinated Disclosure Timeline**

*   2022/05/12: Report sent to security@xdsoft.net
*   2022/05/12: Maintainer replies vulnerability is no longer reproducible, they created custom sanitization functions
*   2022/05/13: Bypass sent to maintainer
*   2022/06/12: Asked for status update to maintainer
*   2022/08/10: Deadline expired
*   2022/09/06: CVE-2022-23461 assigned

**Summary**

Jodit Editor 3 is vulnerable to XSS attacks when pasting specially constructed input.

**Product**

Jodit Editor 3

**Tested Version**

3.16.5

**Details****Issue: XSS in jodit editor (GHSL-2022-030)**

This LGTM query run highlights several locations, all of which I believe to be exploitable. I _believe_ this is the location triggered by the PoC.

**PoC:**

1.  Open https://cdn.sekurak.pl/copy-paste/playground.html in your browser, enter the text below in the HTML Input box:

    <html>
      <body>
      <meta name=Generator content="Microsoft Word 15">
      <img src="" onerror="alert(123)" />
      </body>
    </html>
    

1.  Click Copy as HTML.
2.  Go to https://xdsoft.net/jodit/
3.  Paste the text you copied in \[3\].
4.  Click Keep.
5.  JavaScript: alert(123) is executed.

**Impact**

This issue may lead to XSS in any webpage that uses the editor. Users who copy-paste content from a page controlled by an attacker may be vulnerable.

*   CVE-2022-23461

**Credit**

This issue was discovered by CodeQL team members @kaeluka (Stephan Brandauer) and @erik-krogh (Erik Krogh Kristensen), using a CodeQL query originally contributed by community member @bananabr (Daniel Santos).

You can contact the GHSL team at securitylab@github.com, please include a reference to GHSL-2022-030 in any communication regarding this issue.

CVE-2022-23461: GHSL-2022-030: Cross-Site Scripting (XSS) in Jodit Editor 3 - CVE-2022-23461

MyGraph is a permission management system. Versions prior to 1.0.4 are vulnerable to a storage XSS vulnerability leading to Remote Code Execution. This issue is patched in version 1.0.4. There is no known workaround.

**Impact**

MyGraph is a permission management system.  
MyGraph version 1.0.3 has a storage XSS vulnerability  
Remote code execution vulnerability is a Web security vulnerability, we can execute any command, such as whoami.

**Patches**

https://github.com/renlm/MyGraph

**Workarounds**

After logging in to the background of MyGraph, you can add an XSS attack code in the "Project name" in the "Workbench" - "Knowledge Library" - "My Project" - "New", so that remote attackers can steal the user's personal information, or even phishing.

**References**

None

**For more information**

Add XSS utilization code.  
  
Set to public. The attacker can receive user information when other administrators access it.

CVE-2022-39240: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in MyGraph

A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are stored in messages, it is a persistent attack vector, which will trigger as soon as the message gets viewed.

CVE-2022-35251

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.

This document describes the security content of iCloud for Windows 7.21.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

**iCloud for Windows 7.21**

Released September 24, 2020

**ImageIO**

Available for: Windows 7 and later

Impact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-36521: Xingwei Lin of Ant-Financial Light-Year Security Lab

Entry added May 25, 2022

**SQLite**

Available for: Windows 7 and later

Impact: A remote attacker may be able to cause a denial of service

Description: This issue was addressed with improved checks.

CVE-2020-9991

Entry added November 12, 2020

**SQLite**

Available for: Windows 7 and later

Impact: Multiple issues in SQLite

Description: Multiple issues were addressed by updating SQLite to version 3.32.3.

CVE-2020-15358

Entry added November 12, 2020

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: An input validation issue was addressed with improved input validation.

CVE-2020-9952: Ryan Pickren (ryanpickren.com)

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: May 25, 2022

CVE-2020-36521: About the security content of iCloud for Windows 7.21

Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

SEO Redirection is a powerful redirect manager to manage 301 redirects, you can build and manage redirects easily for your site,  
This plugin is useful if you want to migrating pages from an old website, or are changing the directory of your WordPress website.

New features include:

*   Manually add 301, 302, and 307 redirections for a WordPress post
*   Supports wild card redirection.
*   Fix Crawl Errors (404 & soft 404) in Google Search Console(New)
*   WPML Support (WordPress Multi-language integration) (New)
*   Import/Export feature (New)
*   Adding the last access time & total hits to the redirects list (New)
*   Automatically add a 301 redirection when a post’s URL changes
*   Redirect posts and pages that published, draft or deleted from it\\’s edit page directly.
*   Advanced control panel to control all functions of the plugin.
*   You can redirect folders and all it’s content.
*   Full logs for all redirected URLs
*   You can use regular expressions in redirections.
*   Reflect changes to all links when you move your site or change the domain name.
*   All URLs can be redirected, not just ones that don’t exist
*   Redirection methods – redirect based upon login status, redirect to random pages, redirect based upon the referrer!
*   Friendly GUI and easy to use.
*   Apache .htaccess is not required, works entirely inside WordPress
*   Redirect index.php, index.html, and index.htm access
*   Redirection statistics telling you how many times a redirection has occurred, when it last happened, who tried to do it, and where they found your URL
*   (GDPR compliance) You can customise the level of IP information that is collected by our plugin
*   You can also import from the “Redirection” Plugin (NEW)

The plugin is simple to install:

1.  Download seo-redirection.zip
2.  Unzip the file
3.  Upload seo-redirection directory to your /wp-content/plugins directory
4.  Go to the plugin management page and enable the plugin
5.  Configure the options from the Settings/SEO Redirection page

You can find full details of installing a plugin on the plugin installation page.

**Why would I want to use this instead of .htaccess?**

Redirections are automatically created when a post URL changed. Apache .htaccess is not required

**Is there a manual or knowledge base for this plugin?**

Yes, here is the plugin full knowledge base http://www.clogica.com/kb/

I bought and downloaded the plugin premium and put it on my wordpress, and today I had a problem that it caused a fatal error on my website. Please I really want you to fix this problem in the plugin, it is with Bug.

So where is the list that tells you the difference between the free and the paid? I usually like to see at a glance what this is with software offerings that have a free and paid version so I can make the quickest informed judgement as to how it will work for me. I see a zillion features and copy on the plugin page and sales page, LOL but nothing is telling me what the difference is? How can I make an informed decision without wasting my time experimenting with the plugin trying to find out if its going to suit my needs?

The plugin Plugin did'nt Work with my website, is'nt compatible with WP 4.7.8

I am trying to reach customer service to get access to my account so that I can submit a support ticket; however, HostGator is rejecting emails to info AT clogica DOT com stating there is, "No Such User Here." My organization uses this plugin extensively, but we are unable to find the user login and password under which it was originally registered. We are working on re-developing the site and need the information. If you can please help, that would be greatly appreciated. I am unable to call the phone number since it is in Palestine, so e-mail is the preferred means of communication. Thank you, kindly. WH

Plugin works great. Reached out to customer service with an issue and it was resolved within 24 hours.

Works well and the support is very attentive to requests, even for special cases. Problem resolved quickly.

Read all 74 reviews

“SEO Redirection Plugin – 301 Redirect Manager” is open source software. The following people have contributed to this plugin.

Contributors

*    wp-buy

**9.1**

*   Important security fixes.

**8.9**

*   Bug fixing in reading htaccess file

**8.8**

*   Important security fixes.

**8.7**

*   fix show more link on network sites

**8.6**

*   CSS fixing

**8.5**

*   Security bug fixing

**8.4**

*   ui enhancement

**8.3**

*   add settings page link under plugin name
*   Bug fixing in updating redirects

**8.2**

*   Important security fixes in Ajax requests

**8.1**

*   Important security fixes.

**7.9**

*   Security Bug fixing – Using nonce in deleting redirects

**7.8**

*   Bug fixing – CSRF issue

**7.7**

*   Bug fixing (solving http URLs issue)

**7.6**

*   Escaping data – part 2

**7.5**

*   Escaping data

**7.4**

*   Escaping data & Bug fixing

**7.3**

*   Bug fixing (solving datatable issues)

**7.2**

*   Bug fixing (solving security issues) – part 2

**7.1**

*   Bug fixing (solving security issues) – part 1

**6.4**

*   Bugs fixed

**6.3**

*   Bugs fixed
*   Can delete 404 log

**6.2**

*   bug fixed in redirection log

**6.1**

*   adding new tab for 404 history
*   adding more options in the options tab (404 options)

**5.3**

*   Bug fixed in redirect hits and last access

**5.2**

*   Bug fixed import redirects from Redirection Plugin

**5.1**

*   Bug fixed in forms

**5**

*   new features (sorting, deleting records)
*   The ability to import data from the “Redirection Plugin”

**4.17**

*   Bug fixed in http redirects

**4.16**

*   fixed (is\_plugin\_active issue)

**4.15**

*   fixing buddypress issue (redirects was not working for locked pages)
*   Some other enhancements

**4.14**

*   Adding option in the general options page for IP address GDPR Compatibility

**4.13**

*   GDPR Compatibility

**4.12**

*   fixing export redirects issue

**4.11**

*   fixing Undefined index error

**4.10**

*   fix deprecated issue in php 7

**4.9**

*   WPML support
*   Import/Export Feature
*   New interface design
*   Show last access time & total hits

**4.8**

*   display total 404 count

**4.7**

*   php 7 compatibility

**4.3**

*   Stored XSS fixes

**4.2**

*   Hot fixes
*   php 7 compatibility

**4.1**

*   Removing “404” tab, We replaced it by a new advanced 404 management plugin. Have a look on this by following this link https://wordpress.org/plugins/404-redirection-manager/

**4.0**

*   Please backup your data before using this version.

**3.9**

*   Fixing some issues.

**3.8**

*   Added feature, the capability to disable plugin for admin users

**3.7**

*   Hot fixes

**3.6**

*   Fixing some issues.

**3.5**

*   Fixing some issues.

**3.4**

*   Fixing error appears when deleting the plugin.

**3.3**

*   Hot fixes

**3.2**

*   Hot fixes

**3.1**

*   Redirect loops protection

**3**

*   Hot fixes

**2.9**

*   Hot fixes for redirecting woo-commerce products.

**2.8**

*   Redirect loop prevention.
*   The Ad for the premium version has become in a separate tab not in all the plugin screens as it may disturb some people.
*   Some other fixes.

**2.7**

*   Some fixes.

**2.6**

*   Some hot fixes.

**2.5**

*   Using relative URLs instead of absolute URL’s, This will useful when changing the domain name.

CVE-2022-38704: SEO Redirection Plugin – 301 Redirect Manager

An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause cross site scripting vulnerabilities via a crafted svg file upload.

CVE-2022-40358

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236586.

Tag

#xss