CVE-2022-3139 We're Open! plugin before 1.42 has settings that could allow high privilege users to perform Stored Cross-site Scripting attacks.
For example, with an unfiltered_html setting of Off, setting it to Basic, or leaving it at its default value of On, an attacker could inject an arbitrary S3 (Structured Data) tag into the site via the plugin settings page. This S3 tag could then be read by and have an impact on any site user. The unfiltered_html setting is used to define whether the plugin renders settings through HTML or not. A high privilege user such as an admin, though not normally allowed to access the settings page, could potentially exploit this to inject malicious code. By default, unfiltered_html is set to On, so any user with access to the plugin settings page could inject S3 tags. We have made the decision to disable unfiltered_html for the plugin settings page for versions prior to 1.42. For versions 1.42 and later, unfiltered_html is set to Off by default.
Upgrade Instructions
If you are on a version prior to 1.42, please upgrade to the latest version of the plugin in order to ensure that your site is protected from these types of vulnerabilities. If you are on a version after 1.42, this vulnerability does not exist and we recommend leaving unfiltered_html at its default setting of Off for your site's admin settings page.
Upgrade Instructions:
Go to Settings > Plugins and click on the “Check for Updates” button next to WP-OptimizePress
Follow the prompts in the new popup window
If you have any questions, contact support@wpreoptimize.com
Timeline
Published on: 10/17/2022 12:15:00 UTC
Last modified on: 10/22/2022 23:10:00 UTC