Changeset 3083082
- Timestamp:
- 05/08/2024 09:25:03 AM (3 months ago)
- Location:
- wpvulnerability
- Files:
-
- 63 added
- 11 edited
wpvulnerability/trunk/changelog.txt
r3034122 r3083082 1 1 == Changelog == 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 2 22 3 23 = [3.1.1] - 2024-02-11 = -
wpvulnerability/trunk/readme.txt
r3034122 r3083082 3 3 Tags: security, vulnerability, site-health 4 4 Requires at least: 4.1 5 Tested up to: 6. 56 Stable tag: 3.1. 15 Tested up to: 6. 6 Stable tag: 3.1. 7 7 Requires PHP: 5.6 8 Version: 3.1. 19 License: EUPL v1.28 Version: 3.1. 9 License: EUPL1.2 10 10 License URI: https://www.eupl.eu/1.2/en/ 11 11 12 Enhance your WordPress site's security with this plugin, leveraging the comprehensive [WordPress Vulnerability Database API](https://vulnerability.wpsysadmin.com/). Stay informed about vulnerabilities in WordPress Core, Plugins, Themes, and PHP. Take proactive steps to safeguard your site.12 . 13 13 14 14 == Description == 15 15 16 This plugin taps into the power of the free and unlimited [WordPress Vulnerability Database API](https:// vulnerability.wpsysadmin.com/) to deliver vulnerability assessments directly within your WordPress dashboard. It's an essential tool for website administrators, developers, and anyone keen on maintaining a secure WordPress environment.16 This plugin taps into the power of the free and unlimited [WordPress Vulnerability Database API](https://.com/) to deliver vulnerability assessments directly within your WordPress dashboard. It's an essential tool for website administrators, developers, and anyone keen on maintaining a secure WordPress environment. 17 17 18 18 Secure your WordPress experience today, your first line of defense against vulnerabilities! … … 91 91 == Compatibility == 92 92 93 * WordPress 4.1 - WordPress 6. 5.93 * WordPress 4.1 - WordPress 6.. 94 94 * PHP 5.6 - PHP 8.3. 95 * WordPress Coding Standards 3. 0.1.95 * WordPress Coding Standards 3.. 96 96 * WP-CLI 2.3.0 - WP-CLI 2.10.0. 97 97 98 98 99 == Changelog == 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 99 119 100 120 = [3.1.1] - 2024-02-11 = … … 134 154 * Compatibility: PHP 5.6 - PHP 8.3. 135 155 * Compatibility: WordPress Coding Standards 3.0.1. 136 * Compatibility: WP-CLI 2.3.0 - WP-CLI 2.9.0. 
137 138 = [3.0.2] - 2024-01-27 = 139 140 **Fixed** 141 142 * Fixes the WordPress Multisite saving options. 143 144 **Compatibility** 145 146 * Compatibility: WordPress 4.1 - WordPress 6.5. 147 * Compatibility: PHP 5.6 - PHP 8.3. 148 * Compatibility: WordPress Coding Standards 3.0.1. 149 * Compatibility: WP-CLI 2.3.0 - WP-CLI 2.9.0. 156 * Compatibility: WP-CLI 2.3.0 - WP-CLI 2.10.0. 150 157 151 158 == Security == … … 157 164 * [WordPress APIs Security](https://developer.wordpress.org/apis/security/) 158 165 * [WordPress Coding Standards](https://github.com/WordPress/WordPress-Coding-Standards) 166 159 167 160 168 == Privacy == … … 164 172 == Vulnerabilities == 165 173 166 * No vulnerabilities have been published up to version 3.1. 1.174 * No vulnerabilities have been published up to version 3.1.. 167 175 168 176 Found a security vulnerability? Please report it to us privately at the [WPVulnerability GitHub repository](https://github.com/javiercasares/wpvulnerability/security/advisories/new). -
wpvulnerability/trunk/wpvulnerability-admin.php
r3034122 r3083082 110 110 $wpvulnerability_message_manual_success = get_transient( 'wpvulnerability_message_manual_success' ); 111 111 if ( $wpvulnerability_message_manual_success ) { 112 echo '<div class="notice notice-success"><p>' . esc_html( $wpvulnerability_message_manual_success ) . '</p></div>';112 echo '<div class="notice notice-success"><p>' . esc_html( $wpvulnerability_message_manual_success ) . '</p></div>'; 113 113 delete_transient( 'wpvulnerability_message_manual_success' ); 114 114 unset( $wpvulnerability_message_manual_success ); … … 116 116 $wpvulnerability_message_manual_error = get_transient( 'wpvulnerability_message_manual_error' ); 117 117 if ( $wpvulnerability_message_manual_error ) { 118 echo '<div class="notice notice-error"><p>' . esc_html( $wpvulnerability_message_manual_error ) . '</p></div>';118 echo '<div class="notice notice-error"><p>' . esc_html( $wpvulnerability_message_manual_error ) . '</p></div>'; 119 119 delete_transient( 'wpvulnerability_message_manual_error' ); 120 120 unset( $wpvulnerability_message_manual_error ); … … 216 216 // Output the email input field. Use the network admin email as a placeholder in a multisite environment. 217 217 ?> 218 <input class="regular-text" type="text" name="wpvulnerability-config[emails]" id="wpvulnerability_emails" placeholder="<?php echo esc_attr( $admin_email ); ?>" value="<?php echo esc_attr($wpvulnerability_settings['emails'] ); ?>">219 <br><small><?php esc_html_e( 'Default administrator email', 'wpvulnerability' ); ?>: <?php echo esc_attr( $admin_email ); ?></small>218 <input class="regular-text" type="text" name="wpvulnerability-config[emails]" id="wpvulnerability_emails" placeholder="<?php echo esc_attr( $wpvulnerability_settings['emails'] ); ?>"> 219 <br><small><?php esc_html_e( 'Default administrator email', 'wpvulnerability' ); ?>: <?php echo esc_attr( $admin_email ); ?></small> 220 220 <?php 221 221 … … 352 352 353 353 if ( ! 
$wpvulnerability_test_core_counter ) { 354 echo '<li>✔️ < span class="dashicons dashicons-wordpress"></span> ' . esc_html($msg_core ) . '</li>';355 } else { 356 echo '<li>❌ < span class="dashicons dashicons-wordpress"></span> ' . esc_html($msg_core ) . '</li>';354 echo '<li>✔️ < $msg_core ) . '</li>'; 355 } else { 356 echo '<li>❌ < $msg_core ) . '</li>'; 357 357 } 358 358 359 359 if ( ! $wpvulnerability_test_plugins_counter ) { 360 echo '<li>✔️ < span class="dashicons dashicons-admin-plugins"></span> ' . esc_html($msg_plugins ) . '</li>';361 } else { 362 echo '<li>❌ < span class="dashicons dashicons-admin-plugins"></span> ' . esc_html($msg_plugins );360 echo '<li>✔️ < $msg_plugins ) . '</li>'; 361 } else { 362 echo '<li>❌ < $msg_plugins ); 363 363 echo wpvulnerability_list_plugins(); // phpcs:ignore 364 364 echo '</li>'; … … 366 366 367 367 if ( ! $wpvulnerability_test_themes_counter ) { 368 echo '<li>✔️ < span class="dashicons dashicons-admin-appearance"></span> ' . esc_html($msg_themes ) . '</li>';369 } else { 370 echo '<li>❌ < span class="dashicons dashicons-admin-appearance"></span> ' . esc_html($msg_themes );368 echo '<li>✔️ < $msg_themes ) . '</li>'; 369 } else { 370 echo '<li>❌ < $msg_themes ); 371 371 echo wpvulnerability_list_themes(); // phpcs:ignore 372 372 echo '</li>'; … … 374 374 375 375 if ( ! $wpvulnerability_test_php_counter ) { 376 echo '<li>✔️ < span class="dashicons dashicons-editor-code"></span> ' . esc_html($msg_php ) . '</li>';377 } else { 378 echo '<li>❌ < span class="dashicons dashicons-editor-code"></span> ' . esc_html($msg_php ) . '</li>';376 echo '<li>✔️ < $msg_php ) . '</li>'; 377 } else { 378 echo '<li>❌ < $msg_php ) . '</li>'; 379 379 } 380 380 -
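Review bot: The unescaped `echo wpvulnerability_list_plugins(); // phpcs:ignore` on line 363 (and `wpvulnerability_list_themes()` on line 371) is silenced with a blanket ignore, which also hides any future sniff on that line; narrow it to the one sniff being suppressed and state why, e.g. `echo wpvulnerability_list_plugins(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- helper returns kses-filtered markup.` That the helper escapes its own output is an assumption from here; if it does not, wrap the call in `wp_kses_post()` instead. The same applies to wpvulnerability-adminms.php lines 392 and 401. The new-side text of lines 354–378 is truncated in this rendering, so the span markup in those echo statements could not be checked.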
wpvulnerability/trunk/wpvulnerability-adminms.php
r3034122 r3083082 71 71 $wpvulnerability_input['emails'] = array(); 72 72 if ( isset( $_POST['wpvulnerability-config']['emails'] ) ) { 73 $wpvulnerability_config_emails = wp_kses( wp_unslash( $_POST['wpvulnerability-config']['emails'] ), 'strip' );73 $wpvulnerability_config_emails = wp_kses( wp_unslash( $_POST['wpvulnerability-config']['emails'] ), 'strip' ); 74 74 $wpvulnerability_input_email_text = explode( ',', $wpvulnerability_config_emails ); 75 75 foreach ( $wpvulnerability_input_email_text as $wpvulnerability_input_email ) { … … 90 90 $wpvulnerability_input['period'] = null; 91 91 if ( isset( $_POST['wpvulnerability-config']['period'] ) ) { 92 $wpvulnerability_input['period'] = wp_kses( wp_unslash( $_POST['wpvulnerability-config']['period'] ), 'strip' );92 $wpvulnerability_input['period'] = wp_kses( wp_unslash( $_POST['wpvulnerability-config']['period'] ), 'strip' ); 93 93 } 94 94 switch ( $wpvulnerability_input['period'] ) { … … 191 191 $wpvulnerability_message_manual_success = get_transient( 'wpvulnerability_message_manual_success' ); 192 192 if ( $wpvulnerability_message_manual_success ) { 193 echo '<div class="notice notice-success"><p>' . esc_html( $wpvulnerability_message_manual_success ) . '</p></div>';193 echo '<div class="notice notice-success"><p>' . esc_html( $wpvulnerability_message_manual_success ) . '</p></div>'; 194 194 delete_transient( 'wpvulnerability_message_manual_success' ); 195 195 unset( $wpvulnerability_message_manual_success ); … … 197 197 $wpvulnerability_message_manual_error = get_transient( 'wpvulnerability_message_manual_error' ); 198 198 if ( $wpvulnerability_message_manual_error ) { 199 echo '<div class="notice notice-error"><p>' . esc_html( $wpvulnerability_message_manual_error ) . '</p></div>';199 echo '<div class="notice notice-error"><p>' . esc_html( $wpvulnerability_message_manual_error ) . 
'</p></div>'; 200 200 delete_transient( 'wpvulnerability_message_manual_error' ); 201 201 unset( $wpvulnerability_message_manual_error ); … … 302 302 // Output the email input field and display the admin email as a hint. 303 303 ?> 304 <input class="regular-text" type="text" name="wpvulnerability-config[emails]" id="wpvulnerability_emails" placeholder="<?php echo esc_attr( $admin_email ); ?>" value="<?php echo esc_attr($wpvulnerability_settings['emails'] ); ?>">305 <br><small><?php esc_html_e( 'Default administrator email', 'wpvulnerability' ); ?>: <?php echo esc_attr( $admin_email ); ?></small>304 <input class="regular-text" type="text" name="wpvulnerability-config[emails]" id="wpvulnerability_emails" placeholder="<?php echo esc_attr( $wpvulnerability_settings['emails'] ); ?>"> 305 <br><small><?php esc_html_e( 'Default administrator email', 'wpvulnerability' ); ?>: <?php echo esc_attr( $admin_email ); ?></small> 306 306 <?php 307 307 … … 368 368 369 369 // Get the number of PHP vulnerabilites from cache. 370 $wpvulnerability_test_php_counter = json_decode( get_ option( 'wpvulnerability-php-vulnerable' ) );370 $wpvulnerability_test_php_counter = json_decode( get_option( 'wpvulnerability-php-vulnerable' ) ); 371 371 if ( ! is_numeric( $wpvulnerability_test_php_counter ) ) { 372 372 $wpvulnerability_test_php_counter = 0; … … 381 381 382 382 if ( ! $wpvulnerability_test_core_counter ) { 383 echo '<li>✔️ < span class="dashicons dashicons-wordpress"></span> ' . esc_html($msg_core ) . '</li>';383 echo '<li>✔️ < $msg_core ) . '</li>'; 384 384 } else { 385 echo '<li>❌ < span class="dashicons dashicons-wordpress"></span> ' . esc_html($msg_core ) . '</li>';385 echo '<li>❌ < $msg_core ) . '</li>'; 386 386 } 387 387 388 388 if ( ! $wpvulnerability_test_plugins_counter ) { 389 echo '<li>✔️ < span class="dashicons dashicons-admin-plugins"></span> ' . esc_html($msg_plugins ) . '</li>';389 echo '<li>✔️ < $msg_plugins ) . 
'</li>'; 390 390 } else { 391 echo '<li>❌ < span class="dashicons dashicons-admin-plugins"></span> ' . esc_html($msg_plugins );391 echo '<li>❌ < $msg_plugins ); 392 392 echo wpvulnerability_list_plugins(); // phpcs:ignore 393 393 echo '</li>'; … … 395 395 396 396 if ( ! $wpvulnerability_test_themes_counter ) { 397 echo '<li>✔️ < span class="dashicons dashicons-admin-appearance"></span> ' . esc_html($msg_themes ) . '</li>';397 echo '<li>✔️ < $msg_themes ) . '</li>'; 398 398 } else { 399 echo '<li>❌ < span class="dashicons dashicons-admin-appearance"></span> ' . esc_html($msg_themes );399 echo '<li>❌ < $msg_themes ); 400 400 echo wpvulnerability_list_themes(); // phpcs:ignore 401 401 echo '</li>'; … … 403 403 404 404 if ( ! $wpvulnerability_test_php_counter ) { 405 echo '<li>✔️ < span class="dashicons dashicons-editor-code"></span> ' . esc_html($msg_php ) . '</li>';405 echo '<li>✔️ < $msg_php ) . '</li>'; 406 406 } else { 407 echo '<li>❌ < span class="dashicons dashicons-editor-code"></span> ' . esc_html($msg_php ) . '</li>';407 echo '<li>❌ < $msg_php ) . '</li>'; 408 408 } 409 409 -
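Review bot: Line 73 takes the raw `emails` field from `$_POST` through `wp_kses( …, 'strip' )` and line 74 splits it on commas, but kses only removes tags; it does not check that each piece is an address. The loop starting at line 75 is cut off here, so if it does not already validate each entry, add `$wpvulnerability_input_email = sanitize_email( trim( $wpvulnerability_input_email ) );` followed by an `is_email()` check before the value is stored. The nonce and capability checks for this handler start outside the hunk and were not reviewed.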
wpvulnerability/trunk/wpvulnerability-cli.php
r3034122 r3083082 47 47 $vulnerabilities, 48 48 array( 49 'Version' => trim( html_entity_decode( wp_kses( $vulnerability['name'], 'strip' ) ) ),50 'Vulnerability information' => '[*] WordPress ' . trim( html_entity_decode( wp_kses( $vulnerability['name'], 'strip' ) ) ),49 'Version' => trim( html_entity_decode( wp_kses( $vulnerability['name'], 'strip' ) ) ), 50 'Vulnerability information' => '[*] WordPress ' . trim( html_entity_decode( wp_kses( $vulnerability['name'], 'strip' ) ) ), 51 51 ) 52 52 ); … … 69 69 array( 70 70 'Version' => ' ', 71 'Vulnerability information' => trim( html_entity_decode( wp_kses( $vulnerability_cwe['name'], 'strip' ) ) ),72 ) 73 ); 74 75 array_push( 76 $vulnerabilities, 77 array( 78 'Version' => ' ', 79 'Vulnerability information' => trim( html_entity_decode( wp_kses( $vulnerability_cwe['description'], 'strip' ) ) ),71 'Vulnerability information' => trim( html_entity_decode( wp_kses( $vulnerability_cwe['name'], 'strip' ) ) ), 72 ) 73 ); 74 75 array_push( 76 $vulnerabilities, 77 array( 78 'Version' => ' ', 79 'Vulnerability information' => trim( html_entity_decode( wp_kses( $vulnerability_cwe['description'], 'strip' ) ) ), 80 80 ) 81 81 ); … … 139 139 array( 140 140 'Version' => ' ', 141 'Vulnerability information' => '[+] ' . trim( html_entity_decode( wp_kses( $vulnerability_source['name'], 'strip' ) ) ),142 ) 143 ); 144 array_push( 145 $vulnerabilities, 146 array( 147 'Version' => ' ', 148 'Vulnerability information' => ' ' . esc_url_raw( $vulnerability_source['link'], 'strip' ),141 'Vulnerability information' => '[+] ' . trim( html_entity_decode( wp_kses( $vulnerability_source['name'], 'strip' ) ) ), 142 ) 143 ); 144 array_push( 145 $vulnerabilities, 146 array( 147 'Version' => ' ', 148 'Vulnerability information' => ' ' . 
esc_url_raw( $vulnerability_source['link'], 'strip' ), 149 149 ) 150 150 ); … … 189 189 if ( 1 === $plugin['vulnerable'] ) { 190 190 191 $name = trim( html_entity_decode( wp_kses( $plugin['Name'], 'strip' ) ) );191 $name = trim( html_entity_decode( wp_kses( $plugin['Name'], 'strip' ) ) ); 192 192 193 193 // Output the plugin name with red color. … … 207 207 $vulnerabilities, 208 208 array( 209 'Version' => trim( html_entity_decode( wp_kses( $vulnerability['versions'], 'strip' ) ) ),210 'Vulnerability information' => '[*] ' . trim( html_entity_decode( wp_kses( $vulnerability['name'], 'strip' ) ) ),209 'Version' => trim( html_entity_decode( wp_kses( $vulnerability['versions'], 'strip' ) ) ), 210 'Vulnerability information' => '[*] ' . trim( html_entity_decode( wp_kses( $vulnerability['name'], 'strip' ) ) ), 211 211 ) 212 212 ); … … 253 253 array( 254 254 'Version' => ' ', 255 'Vulnerability information' => trim( html_entity_decode( wp_kses( $vulnerability_cwe['name'], 'strip' ) ) ),256 ) 257 ); 258 259 array_push( 260 $vulnerabilities, 261 array( 262 'Version' => ' ', 263 'Vulnerability information' => trim( html_entity_decode( wp_kses( $vulnerability_cwe['description'], 'strip' ) ) ),255 'Vulnerability information' => trim( html_entity_decode( wp_kses( $vulnerability_cwe['name'], 'strip' ) ) ), 256 ) 257 ); 258 259 array_push( 260 $vulnerabilities, 261 array( 262 'Version' => ' ', 263 'Vulnerability information' => trim( html_entity_decode( wp_kses( $vulnerability_cwe['description'], 'strip' ) ) ), 264 264 ) 265 265 ); … … 323 323 array( 324 324 'Version' => ' ', 325 'Vulnerability information' => '[+] ' . trim( html_entity_decode( wp_kses( $vulnerability_source['name'], 'strip' ) ) ),326 ) 327 ); 328 array_push( 329 $vulnerabilities, 330 array( 331 'Version' => ' ', 332 'Vulnerability information' => ' ' . esc_url_raw( $vulnerability_source['link'], 'strip' ),325 'Vulnerability information' => '[+] ' . 
trim( html_entity_decode( wp_kses( $vulnerability_source['name'], 'strip' ) ) ), 326 ) 327 ); 328 array_push( 329 $vulnerabilities, 330 array( 331 'Version' => ' ', 332 'Vulnerability information' => ' ' . esc_url_raw( $vulnerability_source['link'], 'strip' ), 333 333 ) 334 334 ); … … 375 375 if ( 1 === $theme['wpvulnerability']['vulnerable'] ) { 376 376 377 $name = trim( html_entity_decode( wp_kses( $theme['wpvulnerability']['name'], 'strip' ) ) );377 $name = trim( html_entity_decode( wp_kses( $theme['wpvulnerability']['name'], 'strip' ) ) ); 378 378 379 379 // Output the theme name with red color. … … 393 393 $vulnerabilities, 394 394 array( 395 'Version' => trim( html_entity_decode( wp_kses( $vulnerability['versions'], 'strip' ) ) ),396 'Vulnerability information' => '[*] ' . trim( html_entity_decode( wp_kses( $vulnerability['name'], 'strip' ) ) ),395 'Version' => trim( html_entity_decode( wp_kses( $vulnerability['versions'], 'strip' ) ) ), 396 'Vulnerability information' => '[*] ' . trim( html_entity_decode( wp_kses( $vulnerability['name'], 'strip' ) ) ), 397 397 ) 398 398 ); … … 439 439 array( 440 440 'Version' => ' ', 441 'Vulnerability information' => trim( html_entity_decode( wp_kses( $vulnerability_cwe['name'], 'strip' ) ) ),442 ) 443 ); 444 445 array_push( 446 $vulnerabilities, 447 array( 448 'Version' => ' ', 449 'Vulnerability information' => trim( html_entity_decode( wp_kses( $vulnerability_cwe['description'], 'strip' ) ) ),441 'Vulnerability information' => trim( html_entity_decode( wp_kses( $vulnerability_cwe['name'], 'strip' ) ) ), 442 ) 443 ); 444 445 array_push( 446 $vulnerabilities, 447 array( 448 'Version' => ' ', 449 'Vulnerability information' => trim( html_entity_decode( wp_kses( $vulnerability_cwe['description'], 'strip' ) ) ), 450 450 ) 451 451 ); … … 509 509 array( 510 510 'Version' => ' ', 511 'Vulnerability information' => '[+] ' . 
trim( html_entity_decode( wp_kses( $vulnerability_source['name'], 'strip' ) ) ),512 ) 513 ); 514 array_push( 515 $vulnerabilities, 516 array( 517 'Version' => ' ', 518 'Vulnerability information' => ' ' . esc_url_raw( $vulnerability_source['link'], 'strip' ),511 'Vulnerability information' => '[+] ' . trim( html_entity_decode( wp_kses( $vulnerability_source['name'], 'strip' ) ) ), 512 ) 513 ); 514 array_push( 515 $vulnerabilities, 516 array( 517 'Version' => ' ', 518 'Vulnerability information' => ' ' . esc_url_raw( $vulnerability_source['link'], 'strip' ), 519 519 ) 520 520 ); … … 573 573 $vulnerabilities, 574 574 array( 575 'Version' => trim( html_entity_decode( wp_kses( $php['versions'], 'strip' ) ) ),576 'Vulnerability information' => '[*] ' . trim( html_entity_decode( wp_kses( $php['name'], 'strip' ) ) ),575 'Version' => trim( html_entity_decode( wp_kses( $php['versions'], 'strip' ) ) ), 576 'Vulnerability information' => '[*] ' . trim( html_entity_decode( wp_kses( $php['name'], 'strip' ) ) ), 577 577 ) 578 578 ); … … 605 605 array( 606 606 'Version' => ' ', 607 'Vulnerability information' => '[+] ' . trim( html_entity_decode( wp_kses( $vulnerability_source['id'], 'strip' ) ) ),608 ) 609 ); 610 array_push( 611 $vulnerabilities, 612 array( 613 'Version' => ' ', 614 'Vulnerability information' => trim( html_entity_decode( wp_kses( $vulnerability_source['description'], 'strip' ) ) ),615 ) 616 ); 617 array_push( 618 $vulnerabilities, 619 array( 620 'Version' => ' ', 621 'Vulnerability information' => ' ' . esc_url_raw( $vulnerability_source['link'], 'strip' ),607 'Vulnerability information' => '[+] ' . 
trim( html_entity_decode( wp_kses( $vulnerability_source['id'], 'strip' ) ) ), 608 ) 609 ); 610 array_push( 611 $vulnerabilities, 612 array( 613 'Version' => ' ', 614 'Vulnerability information' => trim( html_entity_decode( wp_kses( $vulnerability_source['description'], 'strip' ) ) ), 615 ) 616 ); 617 array_push( 618 $vulnerabilities, 619 array( 620 'Version' => ' ', 621 'Vulnerability information' => ' ' . esc_url_raw( $vulnerability_source['link'], 'strip' ), 622 622 ) 623 623 ); -
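Review bot: `esc_url_raw( $vulnerability_source['link'], 'strip' )` on line 148 (also lines 332, 518 and 621) passes the string `'strip'` as the second argument, but that parameter is `$protocols`, an array of allowed URL schemes, not a kses context; a non-array is ignored and the default protocol list applies, so the call works only by accident and reads as if it strips something. Change it to `esc_url_raw( $vulnerability_source['link'] )`. These rows are printed to the terminal through WP-CLI tables, so the raw, non-HTML-encoded form is appropriate in this file.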
wpvulnerability/trunk/wpvulnerability-core.php
r3034122 r3083082 43 43 if ( isset( $vulnerability['impact']['cwe'] ) ) { 44 44 foreach ( $vulnerability['impact']['cwe'] as $vulnerability_cwe ) { 45 $what[] = '<div><b>' . wp_kses( $vulnerability_cwe['name'], 'strip' ) . '</b></div><div><i>' . wp_kses_post($vulnerability_cwe['description'] ) . '</i></div>';45 $what[] = '<div><b>' . wp_kses( $vulnerability_cwe['description'] ) . '</i></div>'; 46 46 } 47 47 } … … 50 50 if ( isset( $vulnerability['source'] ) ) { 51 51 foreach ( $vulnerability['source'] as $vulnerability_source ) { 52 $sources[] = '<a href="' . esc_url_raw( $vulnerability_source['link'], 'strip' ) . '" target="_blank" rel="external nofollow noopener noreferrer">[+]</a> ' . wp_kses($vulnerability_source['name'], 'strip' );52 $sources[] = '<a href="' . esc_url_raw( $vulnerability_source['name'], 'strip' ); 53 53 } 54 54 } … … 67 67 68 68 $information .= '<tr>'; 69 $information .= '<td style="max-width: 256px; min-width: 96px;">WordPress <b>' . wp_kses( $vulnerability['name'], 'strip' ) . '</b></td>';69 $information .= '<td style="max-width: 256px; min-width: 96px;">WordPress <b>' . wp_kses( $vulnerability['name'], 'strip' ) . '</b></td>'; 70 70 $information .= '<td>'; 71 71 if ( count( $what ) ) { … … 86 86 $information .= '</div>'; 87 87 } 88 $information .= wp_kses( $source, 'post' );88 $information .= wp_kses( $source, 'post' ); 89 89 $information .= '</td>'; 90 90 $information .= '</tr>'; … … 122 122 123 123 $core_data[] = array( 124 'name' => wp_kses( $v['name'], 'strip' ),124 'name' => wp_kses( $v['name'], 'strip' ), 125 125 'source' => $v['source'], 126 126 'impact' => $v['impact'], -
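Review bot: On line 52 the source link is written into an `href` attribute with `esc_url_raw()`, which is the database/redirect variant that does not HTML-encode the value; for display context `esc_url()` is the function to use, and its second argument `'strip'` is not a protocol list and is ignored. Change it to `'<a href="' . esc_url( $vulnerability_source['link'] ) . '" target="_blank" rel="external nofollow noopener noreferrer">[+]</a> ' . wp_kses( $vulnerability_source['name'], 'strip' );`. The later `wp_kses( $source, 'post' )` on line 88 does filter attributes, which limits the impact, but the escaping belongs where the markup is built. The same pattern is in wpvulnerability-plugins.php line 66 and wpvulnerability-process.php lines 39, 97 and 137. The new-side rendering of line 52 is truncated here, so this reading is based on the old side plus the visible spacing-only changes.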
wpvulnerability/trunk/wpvulnerability-general.php
r3034122 r3083082 287 287 288 288 $vulnerability[] = array( 289 'name' => wp_kses( $v['name'], 'strip' ),290 'link' => esc_url_raw( $v['link'] ),289 'name' => wp_kses( $v['name'], 'strip' ), 290 'link' => esc_url_raw( $v['link'] ), 291 291 'source' => $v['source'], 292 292 'impact' => $v['impact'], … … 333 333 if ( isset( $response['data'] ) ) { 334 334 $vulnerability = array( 335 'name' => wp_kses( (string) $response['data']['name'], 'strip' ),335 'name' => wp_kses( (string) $response['data']['name'], 'strip' ), 336 336 'link' => esc_url( (string) $response['data']['link'] ), 337 337 'latest' => number_format( (int) $response['data']['latest'], 0, '.', '' ), … … 356 356 // Add the vulnerability to the array. 357 357 $vulnerability[] = array( 358 'name' => wp_kses( $v['name'], 'strip' ),359 'description' => wp_kses_post( $v['description'] ),358 'name' => wp_kses( $v['name'], 'strip' ), 359 'description' => wp_kses_post( $v['description'] ), 360 360 'versions' => wp_kses( wpvulnerability_pretty_operator( $v['operator']['min_operator'] ) . $v['operator']['min_version'] . ' - ' . wpvulnerability_pretty_operator( $v['operator']['max_operator'] ) . $v['operator']['max_version'], 'strip' ), 361 'version' => wp_kses( $v['operator']['min_version'], 'strip' ),361 'version' => wp_kses( $v['operator']['min_version'], 'strip' ), 362 362 'unfixed' => (int) $v['operator']['unfixed'], 363 363 'closed' => (int) $v['operator']['closed'], … … 375 375 // Add the vulnerability to the list. 376 376 $vulnerability[] = array( 377 'name' => wp_kses( $v['name'], 'strip' ),378 'description' => wp_kses_post( $v['description'] ),377 'name' => wp_kses( $v['name'], 'strip' ), 378 'description' => wp_kses_post( $v['description'] ), 379 379 'versions' => wp_kses( wpvulnerability_pretty_operator( $v['operator']['max_operator'] ) . 
$v['operator']['max_version'], 'strip' ), 380 'version' => wp_kses( $v['operator']['max_version'], 'strip' ),380 'version' => wp_kses( $v['operator']['max_version'], 'strip' ), 381 381 'unfixed' => (int) $v['operator']['unfixed'], 382 382 'closed' => (int) $v['operator']['closed'], … … 394 394 // Add the vulnerability to the list. 395 395 $vulnerability[] = array( 396 'name' => wp_kses( $v['name'], 'strip' ),397 'description' => wp_kses_post( $v['description'] ),396 'name' => wp_kses( $v['name'], 'strip' ), 397 'description' => wp_kses_post( $v['description'] ), 398 398 'versions' => wp_kses( wpvulnerability_pretty_operator( $v['operator']['min_operator'] ) . $v['operator']['min_version'], 'strip' ), 399 'version' => wp_kses( $v['operator']['min_version'], 'strip' ),399 'version' => wp_kses( $v['operator']['min_version'], 'strip' ), 400 400 'unfixed' => (int) $v['operator']['unfixed'], 401 401 'closed' => (int) $v['operator']['closed'], … … 452 452 // Add the vulnerability to the list. 453 453 $vulnerability[] = array( 454 'name' => wp_kses( $v['name'], 'strip' ),455 'description' => wp_kses_post( $v['description'] ),454 'name' => wp_kses( $v['name'], 'strip' ), 455 'description' => wp_kses_post( $v['description'] ), 456 456 'versions' => wp_kses( wpvulnerability_pretty_operator( $v['operator']['min_version'] ) . $v['operator']['min_version'] . ' - ' . wpvulnerability_pretty_operator( $v['operator']['max_operator'] ) . $v['operator']['max_version'], 'strip' ), 457 'version' => wp_kses( $v['operator']['min_version'], 'strip' ),457 'version' => wp_kses( $v['operator']['min_version'], 'strip' ), 458 458 'unfixed' => (int) $v['operator']['unfixed'], 459 459 'closed' => (int) $v['operator']['closed'], … … 471 471 // Add the vulnerability to the list. 
472 472 $vulnerability[] = array( 473 'name' => wp_kses( $v['name'], 'strip' ),474 'description' => wp_kses_post( $v['description'] ),473 'name' => wp_kses( $v['name'], 'strip' ), 474 'description' => wp_kses_post( $v['description'] ), 475 475 'versions' => wp_kses( wpvulnerability_pretty_operator( $v['operator']['max_operator'] ) . $v['operator']['max_version'], 'strip' ), 476 'version' => wp_kses( $v['operator']['max_version'], 'strip' ),476 'version' => wp_kses( $v['operator']['max_version'], 'strip' ), 477 477 'unfixed' => (int) $v['operator']['unfixed'], 478 478 'closed' => (int) $v['operator']['closed'], … … 490 490 // Add the vulnerability to the list. 491 491 $vulnerability[] = array( 492 'name' => wp_kses( $v['name'], 'strip' ),493 'description' => wp_kses_post( $v['description'] ),492 'name' => wp_kses( $v['name'], 'strip' ), 493 'description' => wp_kses_post( $v['description'] ), 494 494 'versions' => wp_kses( wpvulnerability_pretty_operator( $v['operator']['min_version'] ) . $v['operator']['min_version'], 'strip' ), 495 'version' => wp_kses( $v['operator']['min_version'], 'strip' ),495 'version' => wp_kses( $v['operator']['min_version'], 'strip' ), 496 496 'unfixed' => (int) $v['operator']['unfixed'], 497 497 'closed' => (int) $v['operator']['closed'], … … 634 634 // Add the vulnerability to the list. 635 635 $vulnerability[] = array( 636 'name' => wp_kses( $v['name'], 'strip' ),636 'name' => wp_kses( $v['name'], 'strip' ), 637 637 'versions' => wp_kses( wpvulnerability_pretty_operator( $v['operator']['min_version'] ) . $v['operator']['min_version'] . ' - ' . wpvulnerability_pretty_operator( $v['operator']['max_operator'] ) . $v['operator']['max_version'], 'strip' ), 638 'version' => wp_kses( $v['operator']['min_version'], 'strip' ),638 'version' => wp_kses( $v['operator']['min_version'], 'strip' ), 639 639 'unfixed' => (int) $v['operator']['unfixed'], 640 640 'source' => $v['source'], … … 650 650 // Add the vulnerability to the list. 
651 651 $vulnerability[] = array( 652 'name' => wp_kses( $v['name'], 'strip' ),652 'name' => wp_kses( $v['name'], 'strip' ), 653 653 'versions' => wp_kses( wpvulnerability_pretty_operator( $v['operator']['max_operator'] ) . $v['operator']['max_version'], 'strip' ), 654 'version' => wp_kses( $v['operator']['max_version'], 'strip' ),654 'version' => wp_kses( $v['operator']['max_version'], 'strip' ), 655 655 'unfixed' => (int) $v['operator']['unfixed'], 656 656 'source' => $v['source'], … … 666 666 // Add the vulnerability to the list. 667 667 $vulnerability[] = array( 668 'name' => wp_kses( $v['name'], 'strip' ),668 'name' => wp_kses( $v['name'], 'strip' ), 669 669 'versions' => wp_kses( wpvulnerability_pretty_operator( $v['operator']['min_version'] ) . $v['operator']['min_version'], 'strip' ), 670 'version' => wp_kses( $v['operator']['min_version'], 'strip' ),670 'version' => wp_kses( $v['operator']['min_version'], 'strip' ), 671 671 'unfixed' => (int) $v['operator']['unfixed'], 672 672 'source' => $v['source'], -
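Review bot: Line 456 calls `wpvulnerability_pretty_operator( $v['operator']['min_version'] )` where line 360, which builds the same `versions` string, passes `$v['operator']['min_operator']`; lines 494, 637 and 669 carry the same `min_version` argument. Unless pretty_operator accepts a version string (its definition is not in view), this looks like a copy-paste slip that renders the wrong prefix for the lower bound; change the argument to `$v['operator']['min_operator']` on those four lines. These are context lines the commit does not touch, but they sit inside the hunks it reformats, so this is the moment to fix them.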
wpvulnerability/trunk/wpvulnerability-plugins.php
r3034122 r3083082 39 39 /* translators: 1: Plugin name */ 40 40 __( '%1$s has a known vulnerability that may be affecting this version.', 'wpvulnerability' ), 41 wp_kses( $plugin_data['Name'], 'strip' )41 wp_kses( $plugin_data['Name'], 'strip' ) 42 42 ); 43 43 … … 57 57 if ( isset( $vulnerability['impact']['cwe'] ) ) { 58 58 foreach ( $vulnerability['impact']['cwe'] as $vulnerability_cwe ) { 59 $what[] = '<div><b>' . wp_kses( $vulnerability_cwe['name'], 'strip' ) . '</b></div><div><i>' . wp_kses_post($vulnerability_cwe['description'] ) . '</i></div>';59 $what[] = '<div><b>' . wp_kses( $vulnerability_cwe['description'] ) . '</i></div>'; 60 60 } 61 61 } … … 64 64 if ( isset( $vulnerability['source'] ) ) { 65 65 foreach ( $vulnerability['source'] as $vulnerability_source ) { 66 $sources[] = '<a href="' . esc_url_raw( $vulnerability_source['link'], 'strip' ) . '" target="_blank" rel="external nofollow noopener noreferrer">[+]</a> ' . wp_kses($vulnerability_source['name'], 'strip' );66 $sources[] = '<a href="' . esc_url_raw( $vulnerability_source['name'], 'strip' ); 67 67 } 68 68 } … … 81 81 82 82 $information .= '<tr>'; 83 $information .= '<td style="max-width: 256px; min-width: 96px;"><b>' . wp_kses( $vulnerability['versions'], 'strip' ) . '</b></td>';83 $information .= '<td style="max-width: 256px; min-width: 96px;"><b>' . wp_kses( $vulnerability['versions'], 'strip' ) . '</b></td>'; 84 84 $information .= '<td>'; 85 85 if ( (int) $vulnerability['closed'] || (int) $vulnerability['unfixed'] ) { … … 110 110 $information .= '</div>'; 111 111 } 112 $information .= wp_kses( $source, 'post' );112 $information .= wp_kses( $source, 'post' ); 113 113 $information .= '</td>'; 114 114 $information .= '</tr>'; … … 148 148 // If the TextDomain key is empty, extract it from the file path. 
149 149 if ( is_null( $plugin_slug ) ) { 150 $plugin_slug = wp_kses( $plugin_data['TextDomain'], 'strip' );150 $plugin_slug = wp_kses( $plugin_data['TextDomain'], 'strip' ); 151 151 } 152 152 153 153 // Get the plugin slug and version from the plugin data. 154 $plugin_version = wp_kses( $plugin_data['Version'], 'strip' );154 $plugin_version = wp_kses( $plugin_data['Version'], 'strip' ); 155 155 156 156 // Initialize vulnerability related fields. … … 200 200 // If the TextDomain key is empty, extract it from the file path. 201 201 if ( is_null( $plugin_slug ) ) { 202 $plugin_slug = wp_kses( $plugin_data['TextDomain'], 'strip' );202 $plugin_slug = wp_kses( $plugin_data['TextDomain'], 'strip' ); 203 203 } 204 204 205 205 // Get the plugin slug and version from the plugin data. 206 $plugin_version = wp_kses( $plugin_data['Version'], 'strip' );206 $plugin_version = wp_kses( $plugin_data['Version'], 'strip' ); 207 207 208 208 // Retrieve vulnerabilities for the plugin using its slug and version. … … 433 433 // If the TextDomain key is empty, extract it from the file path. 434 434 if ( is_null( $plugin_slug ) ) { 435 $plugin_slug = wp_kses( $plugin_data['TextDomain'], 'strip' );435 $plugin_slug = wp_kses( $plugin_data['TextDomain'], 'strip' ); 436 436 } 437 437 … … 470 470 } 471 471 472 echo '<p>' . wp_kses( $plugin_data_updated, 'strip' ) . ' (' . wp_kses($plugin_data_ago, 'strip' ) . ')</p>';472 echo '<p>' . wp_kses( $plugin_data_ago, 'strip' ) . ')</p>'; 473 473 474 474 if ( $warning_date ) { -
wpvulnerability/trunk/wpvulnerability-process.php
r3034122 r3083082 31 31 if ( isset( $vulnerability['impact']['cwe'] ) ) { 32 32 foreach ( $vulnerability['impact']['cwe'] as $vulnerability_cwe ) { 33 $what[] = '<div><b>' . wp_kses( $vulnerability_cwe['name'], 'strip' ) . '</b></div><div><i>' . wp_kses_post($vulnerability_cwe['description'] ) . '</i></div>';33 $what[] = '<div><b>' . wp_kses( $vulnerability_cwe['description'] ) . '</i></div>'; 34 34 } 35 35 } … … 37 37 if ( isset( $vulnerability['source'] ) ) { 38 38 foreach ( $vulnerability['source'] as $vulnerability_source ) { 39 $sources[] = '<a href="' . esc_url_raw( $vulnerability_source['link'], 'strip' ) . '" target="_blank">[+]</a> ' . wp_kses($vulnerability_source['name'], 'strip' );39 $sources[] = '<a href="' . esc_url_raw( $vulnerability_source['name'], 'strip' ); 40 40 } 41 41 } … … 53 53 } 54 54 55 $html .= '<h4>' . wp_kses( $vulnerability['name'], 'strip' ) . '</h4>';55 $html .= '<h4>' . wp_kses( $vulnerability['name'], 'strip' ) . '</h4>'; 56 56 if ( (int) $vulnerability['closed'] || (int) $vulnerability['unfixed'] ) { 57 57 $html .= '<div style="padding-bottom: 5px;">'; … … 81 81 $html .= '</div>'; 82 82 } 83 $html .= wp_kses( $source, 'post' );83 $html .= wp_kses( $source, 'post' ); 84 84 85 85 } … … 90 90 $what = array(); 91 91 foreach ( $vulnerability['impact']['cwe'] as $vulnerability_cwe ) { 92 $what[] = '<div><b>' . wp_kses( $vulnerability_cwe['name'], 'strip' ) . '</b></div><div><i>' . wp_kses_post($vulnerability_cwe['description'] ) . '</i></div>';92 $what[] = '<div><b>' . wp_kses( $vulnerability_cwe['description'] ) . '</i></div>'; 93 93 } 94 94 95 95 $sources = array(); 96 96 foreach ( $vulnerability['source'] as $vulnerability_source ) { 97 $sources[] = '<a href="' . esc_url_raw( $vulnerability_source['link'], 'strip' ) . '" target="_blank">[+]</a> ' . wp_kses($vulnerability_source['name'], 'strip' );97 $sources[] = '<a href="' . 
esc_url_raw( $vulnerability_source['name'], 'strip' ); 98 98 } 99 99 $source = '<div style="padding-bottom: 5px;">' . implode( '<br>', $sources ) . '</div>'; … … 108 108 } 109 109 110 $html .= '<h3> WordPress ' . wp_kses( $vulnerability['name'], 'strip' ) . '</h3>';110 $html .= '<h3> WordPress ' . wp_kses( $vulnerability['name'], 'strip' ) . '</h3>'; 111 111 if ( count( $what ) ) { 112 112 $html .= '<div style="padding-bottom: 5px;">'; … … 126 126 $html .= '</div>'; 127 127 } 128 $html .= wp_kses( $source, 'post' );128 $html .= wp_kses( $source, 'post' ); 129 129 130 130 } … … 135 135 $sources = array(); 136 136 foreach ( $vulnerability['source'] as $vulnerability_source ) { 137 $sources[] = '<a href="' . esc_url_raw( $vulnerability_source['link'], 'strip' ) . '" target="_blank">[+]</a> ' . wp_kses( $vulnerability_source['id'], 'strip' ) . '<br>' . wp_kses($vulnerability_source['description'], 'strip' );137 $sources[] = '<a href="' . esc_url_raw( $vulnerability_source['description'], 'strip' ); 138 138 } 139 139 $source = '<div style="padding-bottom: 5px;">' . implode( '<br>', $sources ) . '</div>'; 140 140 141 $html .= '<h4> ' . wp_kses( $vulnerability['name'], 'strip' ) . '</h4>';141 $html .= '<h4> ' . wp_kses( $vulnerability['name'], 'strip' ) . '</h4>'; 142 142 $html .= '<div style="padding-bottom: 5px;"></div>'; 143 $html .= wp_kses( $source, 'post' );143 $html .= wp_kses( $source, 'post' ); 144 144 145 145 } … … 170 170 171 171 // Generate HTML markup for the plugin vulnerability. 172 $html .= '<h3>' . esc_html__( 'Plugin', 'wpvulnerability' ) . ': ' . wp_kses( $plugin_data['Name'], 'strip' ) . '</h3>';172 $html .= '<h3>' . esc_html__( 'Plugin', 'wpvulnerability' ) . ': ' . wp_kses( $plugin_data['Name'], 'strip' ) . '</h3>'; 173 173 $html .= wpvulnerability_html( 'plugin', $plugin_data['vulnerabilities'] ); 174 174 … … 188 188 * Convert PHP vulnerabilities into HTML format. 
189 189 * 190 * @version 2.0.0190 * @version .0 191 191 * 192 192 * @return string|false The HTML output if PHP vulnerabilities were found, false otherwise. … … 240 240 241 241 // Generate HTML markup for the plugin vulnerability. 242 $html .= '<li>' . wp_kses( $plugin_data['Name'], 'strip' ) . '</li>';242 $html .= '<li>' . wp_kses( $plugin_data['Name'], 'strip' ) . '</li>'; 243 243 244 244 } … … 277 277 278 278 // Generate HTML markup for the theme vulnerability. 279 $html .= '<h3>' . esc_html__( 'Theme', 'wpvulnerability' ) . ': ' . wp_kses( $theme_data['wpvulnerability']['name'], 'strip' ) . '</h3>';279 $html .= '<h3>' . esc_html__( 'Theme', 'wpvulnerability' ) . ': ' . wp_kses( $theme_data['wpvulnerability']['name'], 'strip' ) . '</h3>'; 280 280 $html .= wpvulnerability_html( 'theme', $theme_data['wpvulnerability']['vulnerabilities'] ); 281 281 … … 313 313 314 314 // Generate HTML markup for the theme vulnerability. 315 $html .= '<li>' . wp_kses( $theme_data['wpvulnerability']['name'], 'strip' ) . '</li>';315 $html .= '<li>' . wp_kses( $theme_data['wpvulnerability']['name'], 'strip' ) . '</li>'; 316 316 317 317 } -
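Review bot: The link-building lines at 39, 97 and 137 pass `'strip'` as the second argument of `esc_url_raw()`, whose second parameter is the `$protocols` array rather than a kses context; a non-array value is ignored and WordPress falls back to `wp_allowed_protocols()`, so the argument does nothing while reading as if it restricted the URL. For a value written into an `href` attribute the attribute-context escaper is `esc_url()`, e.g. `'<a href="' . esc_url( $vulnerability_source['link'] ) . '" target="_blank" rel="external nofollow noopener noreferrer">[+]</a> '`, and the `rel` attribute would also bring these lines in line with the same construct at line 67 of wpvulnerability-themes.php, which already carries it (and the same stray `'strip'` argument). The surviving fragments suggest this commit only adjusted whitespace on these lines (the new side is truncated in this view), and the assembled markup is later filtered by `wp_kses( $source, 'post' )` at lines 83, 128 and 143, which limits the practical exposure, but the escaping function should still match the output context. The enclosing functions start and end outside the visible portion of the section.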
wpvulnerability/trunk/wpvulnerability-themes.php
r3034122 r3083082 40 40 /* translators: 1: theme name */ 41 41 __( '%1$s has a known vulnerability that may be affecting this version.', 'wpvulnerability' ), 42 wp_kses( $theme_data->get( 'Name' ), 'strip' )42 wp_kses( $theme_data->get( 'Name' ), 'strip' ) 43 43 ); 44 44 … … 58 58 if ( isset( $vulnerability['impact']['cwe'] ) ) { 59 59 foreach ( $vulnerability['impact']['cwe'] as $vulnerability_cwe ) { 60 $what[] = '<div><b>' . wp_kses( $vulnerability_cwe['name'], 'strip' ) . '</b></div><div><i>' . wp_kses_post( $vulnerability_cwe['description'] ) . '</i></div>';60 $what[] = '<div><b>' . wp_kses( $vulnerability_cwe['name'], 'strip' ) . '</b></div><div><i>' . wp_kses_post( $vulnerability_cwe['description'] ) . '</i></div>'; 61 61 } 62 62 } … … 65 65 if ( isset( $vulnerability['source'] ) ) { 66 66 foreach ( $vulnerability['source'] as $vulnerability_source ) { 67 $sources[] = '<a href="' . esc_url_raw( $vulnerability_source['link'], 'strip' ) . '" target="_blank" rel="external nofollow noopener noreferrer">[+]</a> ' . wp_kses($vulnerability_source['name'], 'strip' );67 $sources[] = '<a href="' . esc_url_raw( $vulnerability_source['name'], 'strip' ); 68 68 } 69 69 } … … 82 82 83 83 $information .= '<tr>'; 84 $information .= '<td style="max-width: 256px; min-width: 96px;"><b>' . wp_kses( $vulnerability['versions'], 'strip' ) . '</b></td>';84 $information .= '<td style="max-width: 256px; min-width: 96px;"><b>' . wp_kses( $vulnerability['versions'], 'strip' ) . '</b></td>'; 85 85 $information .= '<td>'; 86 86 if ( (int) $vulnerability['closed'] || (int) $vulnerability['unfixed'] ) { … … 111 111 $information .= '</div>'; 112 112 } 113 $information .= wp_kses( $source, 'post' );113 $information .= wp_kses( $source, 'post' ); 114 114 $information .= '</td>'; 115 115 $information .= '</tr>'; … … 137 137 138 138 // Get the theme version and slug from the theme data. 
139 $theme_version = wp_kses( $theme_data['data']->get( 'Version' ), 'strip' );139 $theme_version = wp_kses( $theme_data['data']->get( 'Version' ), 'strip' ); 140 140 $theme_data_v['slug'] = $theme_slug; 141 141 -
wpvulnerability/trunk/wpvulnerability.php
r3034122 r3083082 3 3 * Plugin Name: WPVulnerability 4 4 * Plugin URI: https://vulnerability.wpsysadmin.com/ 5 * Description: Check WordPress Core, Plugins, Themes, and PHP vulnerabilities with information from theWordPress Vulnerability Database API.5 * Description: WordPress Vulnerability Database API. 6 6 * Requires at least: 4.1 7 7 * Requires PHP: 5.6 8 * Version: 3.1. 18 * Version: 3.1. 9 9 * Author: Javier Casares 10 10 * Author URI: https://www.javiercasares.com/ 11 * License: EUPL v1.211 * License: EUPL1.2 12 12 * License URI: https://www.eupl.eu/1.2/en/ 13 13 * Text Domain: wpvulnerability … … 96 96 * Only load if it's admin / super admin 97 97 */ 98 if ( ( ! is_multisite() && is_admin() ) || ( is_multisite() && ( is_network_admin() || is_main_site() ) ) || ( defined( 'WP_CLI' ) && WP_CLI ) ) {98 if ( ( ! is_multisite() && is_admin() ) || ( is_multisite() && ( is_network_admin() || is_main_site() ) ) || ( defined( 'WP_CLI' ) && WP_CLI ) ) { 99 99 100 100 require_once WPVULNERABILITY_PLUGIN_PATH . '/wpvulnerability-run.php';