Open ethicalhack3r opened 4 years ago
Looks like the issue was patched on 26.02.2020 in version 3.8.1.
The only mention in the changelog was:
Bug fix: Fixed issues on comment form
We are tracking the issue here: https://wpvulndb.com/vulnerabilities/10085
The relevant diffs are below:
--- fruitful/inc/func/comment-inline-error.php 2020-02-26 12:48:58.000000000 +0100
+++ fruitful 2/inc/func/comment-inline-error.php 2020-03-03 16:56:26.000000000 +0100
@@ -31,7 +31,7 @@
$denied = array('submit', 'comment_post_ID', 'comment_parent');
foreach($_POST as $key => $value){
if(!in_array($key, $denied)){
- $_SESSION['formFields'][$key] = esc_html( $value );
+ $_SESSION['formFields'][$key] = stripslashes($value);
}
}
session_write_close();
--- fruitful/inc/template-tags.php 2020-02-26 12:48:58.000000000 +0100
+++ fruitful 2/inc/template-tags.php 2020-03-03 16:57:12.000000000 +0100
@@ -96,8 +96,8 @@
<em><?php _e( 'Your comment is awaiting moderation.', 'fruitful' ); ?></em>
<br />
<?php endif; ?>
-
- <?php echo wp_kses_post( get_comment_text() ); ?>
+
+ <?php comment_text(); ?>
<div class="reply">
<?php comment_reply_link( array_merge( $args, array( 'depth' => $depth, 'max_depth' => $args['max_depth'] ) ) ); ?>
</div><!-- .reply -->
@ethicalhack3r
Hey Ryan!
Where is version 3.8.1 available? I'm getting no response from the Fruitful team :(
Hi,
Ryan here from https://wpvulndb.com/
There has been a public report of a security issue affecting this theme, which we have verified.
We have tried to contact someone from Fruitful to report the issue 3 days ago but have yet to receive a reply.
Please can someone provide us with the appropriate security contact to report the issue to?
If we do not have any contact within a couple more days we will escalate the issue to the WordPress plugins team.
Thanks, Ryan