PluginUs.Net - Business Tools for WooCommerce and WordPress

Support Forum

XSS


Dear,

Recently I made a website for a client. The website went through an Acunetix security test and the report showed the alerts below:

/en/publications/
Alert group Cross site scripting
Severity High
Description
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can
execute malicious scripts into a legitimate website or web application. XSS occurs when a
web application makes use of unvalidated or unencoded user input within the output it
generates.
Recommendations Apply context-dependent encoding and/or validation to user input rendered on a page
Alert variants
Details
URL encoded GET input mdf_cat was set to 15" 63mg=xjEn([!+!]) 2C1="
The input is reflected inside a tag parameter between double quotes.
GET /en/publications/?mdf_cat=15"%2063mg=xjEn([!%2B!])%202C1="&page_mdf=becae0751bb2ae54a9f8c29dda92e86f&slg=documents HTTP/1.1
Referer: https://
Cookie: privacy_embeds=consent; wordpress_test_cookie=WP%20Cookie%20check
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36
Host:
Connection: Keep-alive

Do you have any idea what this might be? I have added (int) before $_REQUEST but that didn't change anything.

Hello

What plugin version number are you using?

WordPress Meta Data & Taxonomies Filter (MDTF) 1.2.9 

Hello

Ok! Please read this - https://wordpress.org/support/topic/cross-site-scripting-6/

I have tried that already, it didn't work.

It is alerting this now after doing that:

Alert group: Cross site scripting (verified)
Severity: High
Description:
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can
execute malicious scripts into a legitimate website or web application. XSS occurs when a
web application makes use of unvalidated or unencoded user input within the output it
generates.
Recommendations: Apply context-dependent encoding and/or validation to user input rendered on a page
Alert variants
Details: URL encoded GET input mdf_cat was set to 15'"()&%<acx><ScRiPt >AQbX(9674) </ScRiPt>

GET /en/publications/?mdf_cat=15'"()%26%25<acx><ScRiPt%20>AQbX(9674)</ScRiPt>&page_mdf=d192ea5b7af3877fa6170599cafbaf27&slg=documents HTTP/1.1

Cookie: privacy_embeds=consent; wordpress_test_cookie=WP%20Cookie%20check
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36

Connection: Keep-alive

Hello

Very strange! Can you drop me FTP access - https://share.stackovergo.com/image/i20210618130558.png -> https://share.stackovergo.com/image/i20210618130637.png - I will check it.

Hi, first, thank you for your responses.

Second, I have it on localhost, so I can send you the full site (database and files), because the client didn't give me the right to share the files he has uploaded on the live site. Is this possible, or is this acceptable to you?

Thank you very much once again.

Hello

You can drop me the files of your version (with your changes) of the MDTF.

Hi,

I sent you the files.

Hello,

Did you get the files?
Thank you

Hello

In file - wp-content\plugins\wp-meta-data-filter-and-taxonomy-filter_fix\index.php - change code - https://share.stackovergo.com/image/i20210920190427.png

and in file - wp-content\plugins\wp-meta-data-filter-and-taxonomy-filter_fix\views\widgets\search.php - change code - https://share.stackovergo.com/image/i20210920190617.png

Dear,

Now I am getting this:

Severity High

Description

Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can
execute malicious scripts into a legitimate website or web application. XSS occurs when a
web application makes use of unvalidated or unencoded user input within the output it
generates.
Recommendations Apply context-dependent encoding and/or validation to user input rendered on a page

Alert variants

Details

URL encoded POST input vars was set to
mdf%5Bfilter_post_blocks%5D%5B%5D=4198&mdf%5Bfilter_post_blocks_toggles%5D%5B%5D=0&mdf%5Bmedafi_60db388190310%5D=the&mdf%5Bfilter_post_blocks%5D%5B%5D=4199&mdf%5Bfilter_post_blocks_toggles%5D%5B%5D=0&mdf%5Btaxonomy%5D%5Bselect%5D%5Bcategories%5D=&mdf%5Btaxonomy%5D%5Bselect%5D%5Bcategories%5D%5B%5D=-1&mdf%5Btaxonomy%5D%5Bselect%5D%5Bpublisher%5D=&mdf%5Btaxonomy%5D%5Bselect%5D%5Bpublisher%5D%5B%5D=-1&mdf%5Bfilter_post_blocks%5D%5B%5D=4197&mdf%5Bfilter_post_blocks_toggles%5D%5B%5D=0&mdf%5Bmedafi_60db384b4054d%5D%5Bfrom%5D=1604271599&mdf%5Bmedafi_60db384b4054d%5D%5Bto%5D=1604271599&meta_data_filter_bool=AND&mdf_tax_bool=AND&mdf%5Bmdf_widget_options%5D%5Bslug%5D=documents&mdf%5Bmdf_widget_options%5D%5Bmeta_data_filter_cat%5D=15&mdf%5Bmdf_widget_options%5D%5Bshow_items_count_dynam%5D=&mdf%5Bmdf_widget_options%5D%5Btaxonomies_options_post_recount_dyn%5D=1&mdf%5Bmdf_widget_options%5D%5Btaxonomies_options_hide_terms_0%5D=0&mdf%5Bmdf_widget_options%5D%5Bhide_meta_filter_values%5D=0&mdf%5Bmdf_widget_options%5D%5Bhide_tax_filter_values%5D=0&mdf%5Bmdf_widget_options%5D%5Bsearch_result_page%5D=self&mdf%5Bmdf_widget_options%5D%5Bsearch_result_tpl%5D=self&mdf%5Bmdf_widget_options%5D%5Bwoo_search_panel_id%5D=0&mdf%5Bmdf_widget_options%5D%5Badditional_taxonomies%5D=&mdf%5Bmdf_widget_options%5D%5Breset_link%5D=self&meta_data_filter_cat=15<ScRiPt >L8nz(9107)</ScRiPt>

The input is reflected inside a text element.

POST /wp-admin/admin-ajax.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded

Cookie: wordpress_test_cookie=WP%20Cookie%20check; privacy_embeds=consent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 1899
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36

action=mdf_encode_search_get_params&is_ajaxed_reset=true&mdf_front_qtrans_lang=&mdf_front_wpml_lang=en&mode=submit&shortcode_id=0&sidebar_id=avada-custom-sidebar-searchmdtfen&sidebar_name=SearchMDTFEn&type=widget&vars=mdf%255Bfilter_post_blocks%255D%255B%255D=4198%26mdf%255Bfilter_post_blocks_toggles%255D%255B%255D=0%26mdf%255Bmedafi_60db388190310%255D=the%26mdf%255Bfilter_post_blocks%255D%255B%255D=4199%26mdf%255Bfilter_post_blocks_toggles%255D%255B%255D=0%26mdf%255Btaxonomy%255D%255Bselect%255D%255Bcategories%255D=%26mdf%255Btaxonomy%255D%255Bselect%255D%255Bcategories%255D%255B%255D=-1%26mdf%255Btaxonomy%255D%255Bselect%255D%255Bpublisher%255D=%26mdf%255Btaxonomy%255D%255Bselect%255D%255Bpublisher%255D%255B%255D=-1%26mdf%255Bfilter_post_blocks%255D%255B%255D=4197%26mdf%255Bfilter_post_blocks_toggles%255D%255B%255D=0%26mdf%255Bmedafi_60db384b4054d%255D%255Bfrom%255D=1604271599%26mdf%255Bmedafi_60db384b4054d%255D%255Bto%255D=1604271599%26meta_data_filter_bool=AND%26mdf_tax_bool=AND%26mdf%255Bmdf_widget_options%255D%255Bslug%255D=documents%26mdf%255Bmdf_widget_options%255D%255Bmeta_data_filter_cat%255D=15%26mdf%255Bmdf_widget_options%255D%255Bshow_items_count_dynam%255D=%26mdf%255Bmdf_widget_options%255D%255Btaxonomies_options_post_recount_dyn%255D=1%26mdf%255Bmdf_widget_options%255D%255Btaxonomies_options_hide_terms_0%255D=0%26mdf%255Bmdf_widget_options%255D%255Bhide_meta_filter_values%255D=0%26mdf%255Bmdf_widget_options%255D%255Bhide_tax_filter_values%255D=0%26mdf%255Bmdf_widget_options%255D%255Bsearch_result_page%255D=self%26mdf%255Bmdf_widget_options%255D%255Bsearch_result_tpl%255D=self%26mdf%255Bmdf_widget_options%255D%255Bwoo_search_panel_id%255D=0%26mdf%255Bmdf_widget_options%255D%255Badditional_taxonomies%255D=%26mdf%255Bmdf_widget_options%255D%255Breset_link%255D=self%26meta_data_filter_cat=15<ScRiPt%20>L8nz(9107)</ScRiPt>&widget_id=metadatafilter_search-2

Do you have any idea what is going on here? Thank you very much indeed.

Hi,

Sorry for being pushy. I just wanted to see if you've seen the message above.

Thank you

Hello

Try in file - \wp-content\plugins\meta-data-filter\classes\page.php - add this code - https://c2n.me/4dqKqAU.png

$data = MetaDataFilter::sanitize_post_data($data);
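The two reflection contexts the scanner reported in this thread (mdf_cat landing inside a double-quoted attribute, and the admin-ajax vars value echoed as text) together with the sanitize_post_data() style of fix, as an added PHP example. This is not the plugin's code and not code posted by anyone in the thread: the function names, the hidden-field markup and the sanitize_nested() helper are assumptions made for the illustration; esc_attr() and esc_html() are WordPress' real escaping functions, shimmed here so the script runs with plain php outside WordPress.

```php
<?php
// Added example, not the MDTF plugin's own code. It reproduces the two reflection
// contexts the Acunetix reports above describe (attribute value, text node) and a
// recursive sanitizer for the nested mdf[...] array carried in the admin-ajax "vars"
// parameter. Function names and the hidden-field markup are assumptions; the real
// plugin files (index.php, views/widgets/search.php, classes/page.php) differ.
declare(strict_types=1);

// Stand-ins for WordPress' esc_attr()/esc_html() so the script runs outside WordPress.
if (!function_exists('esc_attr')) {
    function esc_attr(string $s): string
    {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    function esc_html(string $s): string
    {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    }
}

// Context 1 (first report): the value lands inside a double-quoted attribute.
function hidden_cat_field_vulnerable(array $request): string
{
    // Raw reflection: a quote in mdf_cat closes the attribute and injects a new one.
    $cat = $request['mdf_cat'] ?? '';
    return '<input type="hidden" name="meta_data_filter_cat" value="' . $cat . '">';
}

function hidden_cat_field_fixed(array $request): string
{
    // mdf_cat is a term ID: validate by casting to int, and still encode at the output point.
    $cat = (int) ($request['mdf_cat'] ?? 0);
    return '<input type="hidden" name="meta_data_filter_cat" value="' . esc_attr((string) $cat) . '">';
}

// Context 2 (third report): the value is echoed as text inside an element.
function current_cat_text_fixed(string $value): string
{
    return '<span class="mdf-current-cat">' . esc_html($value) . '</span>';
}

// Recursive input sanitizer in the spirit of a sanitize_post_data() helper (illustrative,
// not the plugin's implementation). Keys are cleaned too, because form field names are
// rebuilt from them and echoed back.
function sanitize_nested(array $data): array
{
    $clean = [];
    foreach ($data as $key => $value) {
        $safeKey = preg_replace('/[^A-Za-z0-9_\-]/', '', (string) $key);
        if (is_array($value)) {
            $clean[$safeKey] = sanitize_nested($value);
        } else {
            // Comparable to WordPress' sanitize_text_field(): drop tags, trim whitespace.
            $clean[$safeKey] = trim(strip_tags((string) $value));
        }
    }
    return $clean;
}

// $_POST['vars'] arrives URL-encoded one extra time (the request body shows %255B); PHP
// has already decoded the outer layer, and parse_str() decodes the inner one into arrays.
function parse_vars(string $vars): array
{
    parse_str($vars, $out);
    return $out;
}

// Constructed sample inputs that mirror the scanner's payloads quoted in this thread.
$get = ['mdf_cat' => '15" 63mg=xjEn([!+!]) 2C1="'];
echo hidden_cat_field_vulnerable($get), "\n"; // attribute broken: 63mg=... becomes a new attribute
echo hidden_cat_field_fixed($get), "\n";      // value="15"

$postVars = 'mdf%5Bfilter_post_blocks%5D%5B%5D=4198'
    . '&mdf%5Btaxonomy%5D%5Bselect%5D%5Bcategories%5D%5B%5D=-1'
    . '&meta_data_filter_cat=15<ScRiPt >L8nz(9107)</ScRiPt>';
$raw   = parse_vars($postVars);
$clean = sanitize_nested($raw);

// Output encoding alone already neutralises the payload; sanitising the input as well
// is defence in depth and keeps the junk out of the rebuilt search form.
echo current_cat_text_fixed($raw['meta_data_filter_cat']), "\n";   // &lt;ScRiPt &gt;... encoded
echo current_cat_text_fixed($clean['meta_data_filter_cat']), "\n"; // 15L8nz(9107)
echo json_encode($clean, JSON_PRETTY_PRINT), "\n";                 // nested array survives intact
```

The point the example makes about the earlier (int) attempt is a general one: a cast at one read of the request parameter changes nothing at any other place the same value is echoed, so a scanner keeps reporting the reflection until every output point encodes for its own context (esc_attr() inside attributes, esc_html() in text). Sanitizing the whole nested array once, as the page.php fix above does, then covers the copies that travel through the ajax round-trip as well.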

Dear, first of all thank you; the last answer you sent me worked perfectly.

Now I have another problem that is getting me in trouble.

Web Server
Alert group Vulnerable JavaScript libraries
Severity Medium
Description
You are using one or more vulnerable JavaScript libraries. One or more vulnerabilities were
reported for this version of the library. Consult Attack details and Web References for more
information about the affected library and the vulnerabilities that were reported.
Recommendations Upgrade to the latest version.
Alert variants
Details
jQuery 1.7.0
URL: //ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js
Detection method: The library's name and version were determined based on the
file's CDN URI.
References:
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
GET /wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/js/tooltipster/ HTTP/1.1
Referer: /wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/js/tooltipster/
Cookie: wordpress_test_cookie=WP%20Cookie%20check; privacy_embeds=consent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36
Connection: Keep-alive

Do you have any idea what I should do here? Thank you again.

Hello

I will answer you in another topic.

Okay. Sorry I wrote here, because I was in a rush. After that I opened the right topic with the right title.

OK! I answered you.