Report security issue #58

Open
ethicalhack3r opened this issue Feb 20, 2020 · 2 comments

@ethicalhack3r

Hi,

Ryan here from https://wpvulndb.com/

There has been a public report of a security issue affecting this theme, which we have verified.

We tried to contact someone from Fruitful to report the issue 3 days ago but have yet to receive a reply.

Please can someone provide us with the appropriate security contact to report the issue to?

If we do not have any contact within a couple more days we will escalate the issue to the WordPress plugins team.

Thanks,
Ryan

@ethicalhack3r

ethicalhack3r commented Mar 3, 2020

Looks like the issue was patched on 26.02.2020 in version 3.8.1.

The only mention in the changelog was:

Bug fix: Fixed issues on comment form

We are tracking the issue here: https://wpvulndb.com/vulnerabilities/10085

The relevant diffs are below:

--- fruitful/inc/func/comment-inline-error.php	2020-02-26 12:48:58.000000000 +0100
+++ fruitful 2/inc/func/comment-inline-error.php	2020-03-03 16:56:26.000000000 +0100
@@ -31,7 +31,7 @@
                 $denied = array('submit', 'comment_post_ID', 'comment_parent');
                 foreach($_POST as $key => $value){
                     if(!in_array($key, $denied)){
-	                    $_SESSION['formFields'][$key] =  esc_html( $value );
+                        $_SESSION['formFields'][$key] = stripslashes($value);
                     }
                 }
                 session_write_close();
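
Review bot: On the changed line inside the `foreach`, the `+` side writes `stripslashes($value)` into `$_SESSION['formFields'][$key]` with no HTML escaping, while the `-` side wraps the value in `esc_html()`, so as oriented this diff drops the escaping rather than adding it. The header timestamps alone do not settle which tree is the fixed one, so please confirm which side is 3.8.1, given that the escaping call appears only on the `-` line. Separately, `$denied` is a denylist, so every other POST key, including ones the comment form never defines, is copied into the session; an allowlist of the expected field names would be tighter, and the stored values should still be escaped at the point where they are printed back into the form, which this hunk does not show.
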
--- fruitful/inc/template-tags.php	2020-02-26 12:48:58.000000000 +0100
+++ fruitful 2/inc/template-tags.php	2020-03-03 16:57:12.000000000 +0100
@@ -96,8 +96,8 @@
 					<em><?php _e( 'Your comment is awaiting moderation.', 'fruitful' ); ?></em>
 					<br />
 				<?php endif; ?>
-
-				<?php echo wp_kses_post( get_comment_text() ); ?>
+				
+				<?php comment_text(); ?>
 				<div class="reply">
 					<?php comment_reply_link( array_merge( $args, array( 'depth' => $depth, 'max_depth' => $args['max_depth'] ) ) ); ?>
 				</div><!-- .reply -->
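
Review bot: On the comment body line, the `+` side calls `comment_text()` directly, while the `-` side echoes `wp_kses_post( get_comment_text() )`, so the explicit KSES pass over the comment HTML exists only on the `-` side and, as oriented, this hunk removes it. If the `-` side is the fixed version, note that `get_comment_text()` does not run the `comment_text` filter chain that `comment_text()` applies, so any display formatting hooked there no longer runs on this template; it is worth confirming that is intended, or sanitizing the filtered output instead of the unfiltered text.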

@lcenine

lcenine commented Jun 4, 2020

@ethicalhack3r
Hey Ryan!
Where is version 3.8.1 available? I'm getting no response from the Fruitful team :(
