Slide Anything – Responsive Content / HTML Slider and Carousel - Version 2.3.47

Version Description

  • Fixed a security vulnerability whereby XSS scripts could be inserted within the slider post titles (part 2)

Release Info

Developer simonpedge
Version 2.3.47

Code changes from version 2.3.46 to 2.3.47

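--- a/php/slide-anything-admin.php
+++ b/php/slide-anything-admin.php
@@ -2519,10 +2519,12 @@ function cpt_slider_save_postdata() {
 
  // ### REMOVE XSS ATTACK VULNERABILITY FROM SLIDER POST TITLES ###
  global $wpdb;
- $post_title = get_the_title($post->ID);
- $sanitize_title = sanitize_text_field($post_title);
- $where = array('ID' => $post->ID);
- $wpdb->update($wpdb->posts, array('post_title' => $sanitize_title), $where);
+ if (isset($post->ID) && ($post->ID != '')) {
+ $post_title = get_the_title($post->ID);
+ $sanitize_title = sanitize_text_field($post_title);
+ $where = array('ID' => $post->ID);
+ $wpdb->update($wpdb->posts, array('post_title' => $sanitize_title), $where);
+ }
 
  // ### VERIFY 1) LOGGED-IN USER IS ADMINISTRATOR AND 2) VALID NONCE TO PREVENT CSRF HACKER ATTACKS ###
  if (current_user_can('edit_pages') &&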
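Review bot: The title rewrite added at new lines 2522–2527 still sits above the `current_user_can('edit_pages')` and nonce check that closes the hunk, so the direct `$wpdb->update` runs on every call of cpt_slider_save_postdata() whether or not that check passes; moving the block inside the verified branch would put the write behind the same gate as the rest of the save. `get_the_title()` returns the title after the `the_title` filters have run, so filtered text can be written back to the database; reading the raw field, `$sanitize_title = sanitize_text_field($post->post_title);`, avoids that, and a `clean_post_cache($post->ID);` after the update keeps cached copies consistent since `$wpdb->update` bypasses the post API. Sanitizing on save does not cover titles that were stored earlier or written through another path, so the place where the slider title is printed (not visible here) should still escape it with `esc_html()`. The function's body starts and ends outside the hunk.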
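--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_i
  Tags: slider, carousel, content slider, responsive slider, html slider, owl carousel
  Requires at least: 4.0
  Tested up to: 6.0
- Stable tag: trunk
+ Stable tag: 2.3.47
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -98,6 +98,9 @@ Adding a SLIDE ANYTHING slider using the WordPress 5.0 'Block Editor' is pretty
 
  == Changelog ==
 
+ = 2.3.47 =
+ * Fixed a security vulnerability whereby XSS scripts could be inserted within the slider post titles (part 2)
+
  = 2.3.46 =
  * Fixed a security vulnerability whereby XSS scripts could be inserted within the slider post titles.
 
@@ -770,3 +773,6 @@ Adding a SLIDE ANYTHING slider using the WordPress 5.0 'Block Editor' is pretty
 
  = 2.3.46 =
  * Fixed a security vulnerability whereby XSS scripts could be inserted within the slider post titles.
+
+ = 2.3.47 =
+ * Fixed a security vulnerability whereby XSS scripts could be inserted within the slider post titles (part 2)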
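--- a/slide-anything.php
+++ b/slide-anything.php
@@ -4,7 +4,7 @@
  * Plugin URI: https://wordpress.org/plugins/slide-anything/
  * Description: Slide Anything allows you to create a carousel/slider where the content for each slide can be anything you want - images, text, HTML, and even shortcodes. This plugin uses the Owl Carousel jQuery plugin, and lets you create beautiful, touch enabled, responsive carousels and sliders.
  * Author: Simon Edge
- * Version: 2.3.46
+ * Version: 2.3.47
  * License: GPLv2 or later
  */
 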