Version Description
Download this release
Release Info
| Developer | barrykooij |
| Plugin |  Related Posts for WordPress |
| Version | 2.1.3 |
| Comparing to | |
| See all releases | |
Code changes from version 2.1.2 to 2.1.3
- SECURITY.md +46 -0
- classes/class-rp4wp.php +1 -1
- classes/settings/class-settings.php +4 -4
- readme.txt +4 -1
- related-posts-for-wp.php +1 -1
SECURITY.md
ADDED
|
@@ -0,0 +1,46 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
# related-posts-for-wp's Security Policy
|
| 2 |
+
|
| 3 |
+
Welcome and thanks for taking interest in related-posts-for-wp!
|
| 4 |
+
|
| 5 |
+
We are mostly interested in reports by actual related-posts-for-wp users, but all high quality contributions are welcome.
|
| 6 |
+
|
| 7 |
+
Please try your best to describe a clear and realistic impact for your report, and please don't open any public issues on GitHub or social media, we're doing our best to respond through huntr as quickly as we can.
|
| 8 |
+
|
| 9 |
+
With that, good luck hacking us ;)
|
| 10 |
+
|
| 11 |
+
## Supported Versions
|
| 12 |
+
|
| 13 |
+
Please always test your found vulnerabilities against the latest version [master branch](https://github.com/barrykooij/related-posts-for-wp/tree/master). This is the only supported version.
|
| 14 |
+
|
| 15 |
+
|
| 16 |
+
## Qualifying Vulnerabilities
|
| 17 |
+
|
| 18 |
+
### Vulnerabilities we really care about 🫣
|
| 19 |
+
- Remote command execution
|
| 20 |
+
- SQL Injection
|
| 21 |
+
- Authentication bypass
|
| 22 |
+
- Privilege Escalation
|
| 23 |
+
- Cross-site scripting (XSS)
|
| 24 |
+
- Performing limited admin actions without authorization
|
| 25 |
+
- CSRF
|
| 26 |
+
|
| 27 |
+
### Vulnerabilities we accept 🙂
|
| 28 |
+
|
| 29 |
+
- Open redirects
|
| 30 |
+
|
| 31 |
+
## Non-Qualifying Vulnerabilities
|
| 32 |
+
|
| 33 |
+
- Reports from automated tools or scanners
|
| 34 |
+
- Theoretical attacks without proof of exploitability
|
| 35 |
+
- Attacks that are the result of a third party library should be reported to the library maintainers
|
| 36 |
+
- Social engineering
|
| 37 |
+
- Reflected file download
|
| 38 |
+
- Physical attacks
|
| 39 |
+
- Weak SSL/TLS/SSH algorithms or protocols
|
| 40 |
+
- Attacks involving physical access to a user’s device, or involving a device or network that’s already seriously compromised (eg man-in-the-middle).
|
| 41 |
+
- The user attacks themselves
|
| 42 |
+
|
| 43 |
+
|
| 44 |
+
## Reporting a Vulnerability
|
| 45 |
+
|
| 46 |
+
Vulnerability can be reported via email to support@relatedpostsforwp.com or via [Huntr](https://huntr.dev/repos/barrykooij/related-posts-for-wp/)
|
classes/class-rp4wp.php
CHANGED
|
@@ -8,7 +8,7 @@ class RP4WP {
|
|
| 8 |
|
| 9 |
private static $instance = null;
|
| 10 |
|
| 11 |
-
const VERSION = '2.1.
|
| 12 |
|
| 13 |
/**
|
| 14 |
* @var RP4WP_Settings
|
| 8 |
|
| 9 |
private static $instance = null;
|
| 10 |
|
| 11 |
+
const VERSION = '2.1.3';
|
| 12 |
|
| 13 |
/**
|
| 14 |
* @var RP4WP_Settings
|
classes/settings/class-settings.php
CHANGED
|
@@ -209,13 +209,13 @@ class RP4WP_Settings {
|
|
| 209 |
echo '<input type="checkbox" name="' . self::PAGE . '[' . $field['id'] . ']' . '" id="' . $field['id'] . '" value="1" ' . checked( 1, $this->get_option( $field['id'] ), false ) . ' />';
|
| 210 |
break;
|
| 211 |
case 'text':
|
| 212 |
-
echo '<input type="text" name="' . self::PAGE . '[' . $field['id'] . ']' . '" id="' . $field['id'] . '" value="' . $this->get_option( $field['id'] ) . '" class="rp4wp-input-text" />';
|
| 213 |
break;
|
| 214 |
case 'textarea':
|
| 215 |
-
echo '<textarea name="' . self::PAGE . '[' . $field['id'] . ']' . '" id="' . $field['id'] . '">' . $this->get_option( $field['id'] ) . '</textarea>';
|
| 216 |
break;
|
| 217 |
case 'button_link':
|
| 218 |
-
echo '<a href="' . $field['href'] . '" class="button">' . $field['default'] . '</a>';
|
| 219 |
break;
|
| 220 |
}
|
| 221 |
|
|
@@ -297,4 +297,4 @@ class RP4WP_Settings {
|
|
| 297 |
return apply_filters( 'rp4wp_' . $option, isset( $options[ $option ] ) ? $options[ $option ] : false );
|
| 298 |
}
|
| 299 |
|
| 300 |
-
}
|
| 209 |
echo '<input type="checkbox" name="' . self::PAGE . '[' . $field['id'] . ']' . '" id="' . $field['id'] . '" value="1" ' . checked( 1, $this->get_option( $field['id'] ), false ) . ' />';
|
| 210 |
break;
|
| 211 |
case 'text':
|
| 212 |
+
echo '<input type="text" name="' . self::PAGE . '[' . $field['id'] . ']' . '" id="' . $field['id'] . '" value="' . esc_attr( $this->get_option( $field['id'] ) ) . '" class="rp4wp-input-text" />';
|
| 213 |
break;
|
| 214 |
case 'textarea':
|
| 215 |
+
echo '<textarea name="' . self::PAGE . '[' . $field['id'] . ']' . '" id="' . $field['id'] . '">' . esc_html( $this->get_option( $field['id'] ) ) . '</textarea>';
|
| 216 |
break;
|
| 217 |
case 'button_link':
|
| 218 |
+
echo '<a href="' . esc_attr( $field['href'] ) . '" class="button">' . esc_html( $field['default'] ) . '</a>';
|
| 219 |
break;
|
| 220 |
}
|
| 221 |
|
| 297 |
return apply_filters( 'rp4wp_' . $option, isset( $options[ $option ] ) ? $options[ $option ] : false );
|
| 298 |
}
|
| 299 |
|
| 300 |
+
}
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: http://www.barrykooij.com/donate/
|
|
| 4 |
Tags: related posts for wordpress, related posts for wp, simple related posts, easy related posts, related posts, related post, related, relations, internal links, seo, bounce rate
|
| 5 |
Requires at least: 3.6
|
| 6 |
Tested up to: 6.0.2
|
| 7 |
-
Stable tag: 2.1.
|
| 8 |
License: GPLv3 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 10 |
|
|
@@ -120,6 +120,9 @@ There is one custom table created for the post cache, this table will however no
|
|
| 120 |
|
| 121 |
== Changelog ==
|
| 122 |
|
|
|
|
|
|
|
|
|
|
| 123 |
= 2.1.2: October 1, 2022 =
|
| 124 |
* Tweak: Fixed CWE-79 XSS issue on manually link related post screen, props [foobar7](https://github.com/foobar7).
|
| 125 |
* Tweak: Properly escape redirect URL params on manually bulk linking of related posts.
|
| 4 |
Tags: related posts for wordpress, related posts for wp, simple related posts, easy related posts, related posts, related post, related, relations, internal links, seo, bounce rate
|
| 5 |
Requires at least: 3.6
|
| 6 |
Tested up to: 6.0.2
|
| 7 |
+
Stable tag: 2.1.3
|
| 8 |
License: GPLv3 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 10 |
|
| 120 |
|
| 121 |
== Changelog ==
|
| 122 |
|
| 123 |
+
= 2.1.3: October 13, 2022 =
|
| 124 |
+
* Tweak: Fixed CWE-79 XSS issue on related posts settings screen, props [Juampa Rodríguez](https://github.com/und3sc0n0c1d0).
|
| 125 |
+
|
| 126 |
= 2.1.2: October 1, 2022 =
|
| 127 |
* Tweak: Fixed CWE-79 XSS issue on manually link related post screen, props [foobar7](https://github.com/foobar7).
|
| 128 |
* Tweak: Properly escape redirect URL params on manually bulk linking of related posts.
|
related-posts-for-wp.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: Related Posts for WordPress
|
| 4 |
Plugin URI: http://www.relatedpostsforwp.com/
|
| 5 |
Description: Related Posts for WordPress, the best way to display related posts in WordPress.
|
| 6 |
-
Version: 2.1.
|
| 7 |
Author: Never5
|
| 8 |
Author URI: http://www.never5.com/
|
| 9 |
License: GPL v3
|
| 3 |
Plugin Name: Related Posts for WordPress
|
| 4 |
Plugin URI: http://www.relatedpostsforwp.com/
|
| 5 |
Description: Related Posts for WordPress, the best way to display related posts in WordPress.
|
| 6 |
+
Version: 2.1.3
|
| 7 |
Author: Never5
|
| 8 |
Author URI: http://www.never5.com/
|
| 9 |
License: GPL v3
|
