Quote from Pablo Borysenco on September 13, 2021, 12:00

Hello

What plugin version number are you using?

Quote from ASIXON on September 13, 2021, 12:03

WordPress Meta Data & Taxonomies Filter (MDTF) 1.2.9 

Quote from Pablo Borysenco on September 14, 2021, 09:45

Hello

Ok! Please  read  this   - https://wordpress.org/support/topic/cross-site-scripting-6/

Quote from ASIXON on September 16, 2021, 15:11

I have tried that already, it didn't work.

it is alerting this now after doing that:

Alert group: Cross site scripting (verified)
Severity: High
Description:
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can
execute malicious scripts into a legitimate website or web application. XSS occurs when a
web application makes use of unvalidated or unencoded user input within the output it
generates.
Recommendations: Apply context-dependent encoding and/or validation to user input rendered on a page
Alert variants
Details: URL encoded GET input mdf_cat was set to 15'"()&%<acx><ScRiPt >AQbX(9674) </ScRiPt>

GET /en/publications/?mdf_cat=15'"()%26%25<acx><ScRiPt%20>AQbX(9674)
</ScRiPt>&page_mdf=d192ea5b7af3877fa6170599cafbaf27&slg=documents HTTP/1.1

Cookie: privacy_embeds=consent; wordpress_test_cookie=WP%20Cookie%20check
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/92.0.4512.0 Safari/537.36

Connection: Keep-alive

Quote from Pablo Borysenco on September 17, 2021, 10:31

Hello

Very strange! can you drop me  FTP access - https://share.pluginus.net/image/i20210618130558.png -> https://share.pluginus.net/image/i20210618130637.png I will  check  it

Quote from ASIXON on September 17, 2021, 10:47

Hi, first thank you for your responses.

Second, i do have it on localhost so i can send you the full site (database and files), cause the client didn't give me the right to share the files he has uploaded on live site. Is this possible or is this acceptable to you.

Thank you very much once again.

Quote from Pablo Borysenco on September 17, 2021, 12:47

Hello

You can drop me files of your version(with your changes) of the MDTF

Quote from ASIXON on September 17, 2021, 13:12

Hi,

I sent you the files.

Quote from ASIXON on September 20, 2021, 14:41

Hello,

Did you get the files.
Thank you

Quote from Pablo Borysenco on September 20, 2021, 18:06

Hello

In  file - wp-content\plugins\wp-meta-data-filter-and-taxonomy-filter_fix\index.php- change  code - https://share.pluginus.net/image/i20210920190427.png

and  in file - wp-content\plugins\wp-meta-data-filter-and-taxonomy-filter_fix\views\widgets\search.php - change  code - https://share.pluginus.net/image/i20210920190617.png

Quote from ASIXON on September 22, 2021, 15:38

Dear,

Now i am getting this,

Severity High

Description

Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can
execute malicious scripts into a legitimate website or web application. XSS occurs when a
web application makes use of unvalidated or unencoded user input within the output it
generates.
Recommendations Apply context-dependent encoding and/or validation to user input rendered on a page

Alert variants

Details

URL encoded POST input vars was set to
mdf%5Bfilter_post_blocks%5D%5B%5D=4198&mdf%5Bfilter_post_blocks_toggles%5
D%5B%5D=0&mdf%5Bmedafi_60db388190310%5D=the&mdf%5Bfilter_post_blocks%
5D%5B%5D=4199&mdf%5Bfilter_post_blocks_toggles%5D%5B%5D=0&mdf%5Btaxon
omy%5D%5Bselect%5D%5Bcategories%5D=&mdf%5Btaxonomy%5D%5Bselect%5D
%5Bcategories%5D%5B%5D=-1&mdf%5Btaxonomy%5D%5Bselect%5D%5Bpublisher
%5D=&mdf%5Btaxonomy%5D%5Bselect%5D%5Bpublisher%5D%5B%5D=-1&mdf%5B
filter_post_blocks%5D%5B%5D=4197&mdf%5Bfilter_post_blocks_toggles%5D%5B%
5D=0&mdf%5Bmedafi_60db384b4054d%5D%5Bfrom%5D=1604271599&mdf%5Bmedaf
i_60db384b4054d%5D%5Bto%5D=1604271599&meta_data_filter_bool=AND&mdf_tax_
bool=AND&mdf%5Bmdf_widget_options%5D%5Bslug%5D=documents&mdf%5Bmdf_
widget_options%5D%5Bmeta_data_filter_cat%5D=15&mdf%5Bmdf_widget_options%
5D%5Bshow_items_count_dynam%5D=&mdf%5Bmdf_widget_options%5D%5Btaxon
omies_options_post_recount_dyn%5D=1&mdf%5Bmdf_widget_options%5D%5Btaxo
nomies_options_hide_terms_0%5D=0&mdf%5Bmdf_widget_options%5D%5Bhide_me
ta_filter_values%5D=0&mdf%5Bmdf_widget_options%5D%5Bhide_tax_filter_values%
5D=0&mdf%5Bmdf_widget_options%5D%5Bsearch_result_page%5D=self&mdf%5Bm
df_widget_options%5D%5Bsearch_result_tpl%5D=self&mdf%5Bmdf_widget_options
%5D%5Bwoo_search_panel_id%5D=0&mdf%5Bmdf_widget_options%5D%5Baddition
al_taxonomies%5D=&mdf%5Bmdf_widget_options%5D%5Breset_link%5D=self&meta
_data_filter_cat=15<ScRiPt >L8nz(9107)</ScRiPt>

The input is reflected inside a text element.

POST /wp-admin/admin-ajax.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded

Cookie: wordpress_test_cookie=WP%20Cookie%20check; privacy_embeds=consent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 1899
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/92.0.4512.0 Safari/537.36

action=mdf_encode_search_get_params&is_ajaxed_reset=true&mdf_front_qtrans_lang=&mdf_front
_wpml_lang=en&mode=submit&shortcode_id=0&sidebar_id=avada-custom-sidebar-searchmdtfen&
sidebar_name=SearchMDTFEn&
type=widget&vars=mdf%255Bfilter_post_blocks%255D%255B%255D=4198%26mdf%255Bfilter_post_
blocks_toggles%255D%255B%255D=0%26mdf%255Bmedafi_60db388190310%255D=the%26mdf%255Bfilter_
post_blocks%255D%255B%255D=4199%26mdf%255Bfilter_post_blocks_toggles%255D%255B%255D=0%26m
df%255Btaxonomy%255D%255Bselect%255D%255Bcategories%255D=%26mdf%255Btaxonomy%255D%255Bsel
ect%255D%255Bcategories%255D%255B%255D=-1%26mdf%255Btaxonomy%255D%255Bselect%255D%255Bpub
lisher%255D=%26mdf%255Btaxonomy%255D%255Bselect%255D%255Bpublisher%255D%255B%255D=-1%26md
f%255Bfilter_post_blocks%255D%255B%255D=4197%26mdf%255Bfilter_post_blocks_toggles%255D%25
5B%255D=0%26mdf%255Bmedafi_60db384b4054d%255D%255Bfrom%255D=1604271599%26mdf%255Bmedafi_6
0db384b4054d%255D%255Bto%255D=1604271599%26meta_data_filter_bool=AND%26mdf_tax_bool=AND%2
6mdf%255Bmdf_widget_options%255D%255Bslug%255D=documents%26mdf%255Bmdf_widget_options%255
D%255Bmeta_data_filter_cat%255D=15%26mdf%255Bmdf_widget_options%255D%255Bshow_items_count
_dynam%255D=%26mdf%255Bmdf_widget_options%255D%255Btaxonomies_options_post_recount_dyn%25
5D=1%26mdf%255Bmdf_widget_options%255D%255Btaxonomies_options_hide_terms_0%255D=0%26mdf%2
55Bmdf_widget_options%255D%255Bhide_meta_filter_values%255D=0%26mdf%255Bmdf_widget_option
s%255D%255Bhide_tax_filter_values%255D=0%26mdf%255Bmdf_widget_options%255D%255Bsearch_res
ult_page%255D=self%26mdf%255Bmdf_widget_options%255D%255Bsearch_result_tpl%255D=self%26md
f%255Bmdf_widget_options%255D%255Bwoo_search_panel_id%255D=0%26mdf%255Bmdf_widget_options
%255D%255Badditional_taxonomies%255D=%26mdf%255Bmdf_widget_options%255D%255Breset_link%25
5D=self%26meta_data_filter_cat=15<ScRiPt%20>L8nz(9107)
</ScRiPt>&widget_id=metadatafilter_search-2

Do you have any idea what is going on here? Thank you very much indeed.

Quote from ASIXON on September 23, 2021, 10:47

Hi,

Sorry for being pushy. I just wanted to see if you've seen the message above.

Thank you

Quote from Pablo Borysenco on September 23, 2021, 13:51

Hello

Try  in  file   - \wp-content\plugins\meta-data-filter\classes\page.php  add  this code  - https://c2n.me/4dqKqAU.png

$data = MetaDataFilter::sanitize_post_data($data);

 

Quote from ASIXON on October 1, 2021, 11:09

Dear, First of all thank you the last answer you sent me worked perfectly.

Now i have another problem that is getting me in trouble.

Web Server
Alert group Vulnerable JavaScript libraries
Severity Medium
Description
You are using one or more vulnerable JavaScript libraries. One or more vulnerabilities were
reported for this version of the library. Consult Attack details and Web References for more
information about the affected library and the vulnerabilities that were reported.
Recommendations Upgrade to the latest version.
Alert variants
Details
jQuery 1.7.0
URL: //ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js
Detection method: The library's name and version were determined based on the
file's CDN URI.
References:
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
5
GET /wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/js/tooltipster/ HTTP/1.1
Referer: /wp-content/plugins/wp-meta-data-filter-and taxonomy-
filter/js/tooltipster/
Cookie: wordpress_test_cookie=WP%20Cookie%20check; privacy_embeds=consent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/92.0.4512.0 Safari/537.36
Connection: Keep-alive

Do you have any idea what i should do here? Thank you again.

Quote from Pablo Borysenco on October 1, 2021, 13:06

Hello

I  will answer you in another topic

Quote from ASIXON on October 1, 2021, 13:11

Okay. sorry i wrote here cause i was in a rush. after that i opened the right topic with the right title.

Quote from Pablo Borysenco on October 1, 2021, 13:13

ok! I answered  you