{"id":41679,"date":"2024-03-12T12:09:07","date_gmt":"2024-03-12T12:09:07","guid":{"rendered":"https:\/\/s.b\/oikcom\/?post_type=oik_pluginversion&#038;p=50385"},"modified":"2024-03-12T14:36:26","modified_gmt":"2024-03-12T14:36:26","slug":"oik-v4-10-2","status":"publish","type":"oik_pluginversion","link":"https:\/\/www.oik-plugins.com\/oik_pluginversion\/oik-v4-10-2\/","title":{"rendered":"oik v4.10.2"},"content":{"rendered":"\n<p>Update to oik v4.10.2 for a security fix to prevent JavaScript in URLs.<\/p>\n\n\n\n<!--more-->\n\n\n<figure class=\"wp-block-post-featured-image\"><img loading=\"lazy\" decoding=\"async\" width=\"772\" height=\"250\" src=\"https:\/\/www.oik-plugins.com\/wp-content\/uploads\/2013\/06\/oik-base-plugin-banner-772x250-3.jpg\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"oik base plugin banner\" style=\"object-fit:cover;\" srcset=\"https:\/\/www.oik-plugins.com\/wp-content\/uploads\/2013\/06\/oik-base-plugin-banner-772x250-3.jpg 772w, https:\/\/www.oik-plugins.com\/wp-content\/uploads\/2013\/06\/oik-base-plugin-banner-772x250-3-300x97.jpg 300w, https:\/\/www.oik-plugins.com\/wp-content\/uploads\/2013\/06\/oik-base-plugin-banner-772x250-3-386x125.jpg 386w, https:\/\/www.oik-plugins.com\/wp-content\/uploads\/2013\/06\/oik-base-plugin-banner-772x250-3-768x249.jpg 768w\" sizes=\"auto, (max-width: 772px) 100vw, 772px\" \/><\/figure>\n\n\n<p>The security issue was responsibly disclosed by Wordfence. 
Vulnerability Researcher: Francesco Carlucci.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Vulnerability Title: oik &lt;= 4.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode<br>CVE ID: CVE-2024-2256<br>CVSS Severity Score: 6.4 (Medium)<br>CVSS Vector: CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:N<br>Organization: Wordfence<br>Vulnerability Researcher(s): Francesco Carlucci<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Description<\/h3>\n\n\n\n<p>The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin&#8217;s bw_contact_button and bw_button shortcodes in all versions up to, and including, 4.10.0, due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Areas affected<\/h3>\n\n\n\n<p>The issue was reported against the following shortcodes <a class=\"bw_code bw_contact_button\" href=\"https:\/\/www.oik-plugins.com\/oik-shortcodes\/bw_contact_button\/bw_contact_button\" title=\"Link to help for shortcode: bw_contact_button\"><span>[<\/span>bw_contact_button]<\/a> and <a class=\"bw_code bw_button\" href=\"https:\/\/www.oik-plugins.com\/oik-shortcodes\/bw_button\/bw_button\" title=\"Link to help for shortcode: bw_button\"><span>[<\/span>bw_button]<\/a> when used with the <code>link<\/code> attribute, whose URL was output without being escaped.<\/p>\n\n\n\n<p>The fix also applies to the following shortcodes, which were similarly vulnerable:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a class=\"bw_code bw_link\" href=\"https:\/\/www.oik-plugins.com\/oik-shortcodes\/bw_link\/bw_link\" title=\"Link to help for shortcode: bw_link\"><span>[<\/span>bw_link]<\/a><\/li>\n\n\n\n<li><a class=\"bw_code bw_logo\" 
href=\"https:\/\/www.oik-plugins.com\/oik-shortcodes\/bw_logo\/bw_logo\" title=\"Link to help for shortcode: bw_logo\"><span>[<\/span>bw_logo]<\/a><\/li>\n\n\n\n<li><a class=\"bw_code bw_qrcode\" href=\"https:\/\/www.oik-plugins.com\/oik-shortcodes\/bw_qrcode\/bw_qrcode\" title=\"Link to help for shortcode: bw_qrcode\"><span>[<\/span>bw_qrcode]<\/a><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What you should do<\/h3>\n\n\n\n<p>Update to oik v4.10.2 as soon as possible. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Changes<\/h2>\n\n\n<div class=\"wp-block-oik-bbw-csv\"><table class=\"bw_csv \"><tr><th>Change<\/th><th>Reference<\/th><\/tr><tr><td>Fixed: Escape the URL in links.<\/td><td><a class=\"github issues-link\" href=\"https:\/\/github.com\/bobbingwide\/oik\/issues\/224\"><svg class=\"svg_github-link svg github\"  width=\"24\" height=\"24\" width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" version=\"1.1\">\r\n\t\t<Path d=\"M12,2C6.477,2,2,6.477,2,12c0,4.419,2.865,8.166,6.839,9.489c0.5,0.09,0.682-0.218,0.682-0.484 c0-0.236-0.009-0.866-0.014-1.699c-2.782,0.602-3.369-1.34-3.369-1.34c-0.455-1.157-1.11-1.465-1.11-1.465 c-0.909-0.62,0.069-0.608,0.069-0.608c1.004,0.071,1.532,1.03,1.532,1.03c0.891,1.529,2.341,1.089,2.91,0.833 c0.091-0.647,0.349-1.086,0.635-1.337c-2.22-0.251-4.555-1.111-4.555-4.943c0-1.091,0.39-1.984,1.03-2.682 C6.546,8.54,6.202,7.524,6.746,6.148c0,0,0.84-0.269,2.75,1.025C10.295,6.95,11.15,6.84,12,6.836 c0.85,0.004,1.705,0.114,2.504,0.336c1.909-1.294,2.748-1.025,2.748-1.025c0.546,1.376,0.202,2.394,0.1,2.646 c0.64,0.699,1.026,1.591,1.026,2.682c0,3.841-2.337,4.687-4.565,4.935c0.359,0.307,0.679,0.917,0.679,1.852 c0,1.335-0.012,2.415-0.012,2.741c0,0.269,0.18,0.579,0.688,0.481C19.138,20.161,22,16.416,22,12C22,6.477,17.523,2,12,2z\" \/>\r\n\t<\/SVG> bobbingwide\/oik#224<\/a><\/td><\/tr><\/table><\/div>\n\n\n<p>oik v4.10.2 also includes previously unreleased changes in oik v4.10.1.<\/p>\n\n\n<div class=\"wp-block-oik-bbw-csv\"><table class=\"bw_csv 
\"><tr><th>Change<\/th><th>Reference<\/th><\/tr><tr><td>Changed: Support PHP 8.3<\/td><td><a class=\"github issues-link\" href=\"https:\/\/github.com\/bobbingwide\/oik\/issues\/220\"><svg class=\"svg_github-link svg github\"  width=\"24\" height=\"24\" width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" version=\"1.1\">\r\n\t\t<Path d=\"M12,2C6.477,2,2,6.477,2,12c0,4.419,2.865,8.166,6.839,9.489c0.5,0.09,0.682-0.218,0.682-0.484 c0-0.236-0.009-0.866-0.014-1.699c-2.782,0.602-3.369-1.34-3.369-1.34c-0.455-1.157-1.11-1.465-1.11-1.465 c-0.909-0.62,0.069-0.608,0.069-0.608c1.004,0.071,1.532,1.03,1.532,1.03c0.891,1.529,2.341,1.089,2.91,0.833 c0.091-0.647,0.349-1.086,0.635-1.337c-2.22-0.251-4.555-1.111-4.555-4.943c0-1.091,0.39-1.984,1.03-2.682 C6.546,8.54,6.202,7.524,6.746,6.148c0,0,0.84-0.269,2.75,1.025C10.295,6.95,11.15,6.84,12,6.836 c0.85,0.004,1.705,0.114,2.504,0.336c1.909-1.294,2.748-1.025,2.748-1.025c0.546,1.376,0.202,2.394,0.1,2.646 c0.64,0.699,1.026,1.591,1.026,2.682c0,3.841-2.337,4.687-4.565,4.935c0.359,0.307,0.679,0.917,0.679,1.852 c0,1.335-0.012,2.415-0.012,2.741c0,0.269,0.18,0.579,0.688,0.481C19.138,20.161,22,16.416,22,12C22,6.477,17.523,2,12,2z\" \/>\r\n\t<\/SVG> bobbingwide\/oik#220<\/a><\/td><\/tr><tr><td>Changed: Spam check subject for http<\/td><td><a class=\"github issues-link\" href=\"https:\/\/github.com\/bobbingwide\/oik\/issues\/221\"><svg class=\"svg_github-link svg github\"  width=\"24\" height=\"24\" width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" version=\"1.1\">\r\n\t\t<Path d=\"M12,2C6.477,2,2,6.477,2,12c0,4.419,2.865,8.166,6.839,9.489c0.5,0.09,0.682-0.218,0.682-0.484 c0-0.236-0.009-0.866-0.014-1.699c-2.782,0.602-3.369-1.34-3.369-1.34c-0.455-1.157-1.11-1.465-1.11-1.465 c-0.909-0.62,0.069-0.608,0.069-0.608c1.004,0.071,1.532,1.03,1.532,1.03c0.891,1.529,2.341,1.089,2.91,0.833 c0.091-0.647,0.349-1.086,0.635-1.337c-2.22-0.251-4.555-1.111-4.555-4.943c0-1.091,0.39-1.984,1.03-2.682 
C6.546,8.54,6.202,7.524,6.746,6.148c0,0,0.84-0.269,2.75,1.025C10.295,6.95,11.15,6.84,12,6.836 c0.85,0.004,1.705,0.114,2.504,0.336c1.909-1.294,2.748-1.025,2.748-1.025c0.546,1.376,0.202,2.394,0.1,2.646 c0.64,0.699,1.026,1.591,1.026,2.682c0,3.841-2.337,4.687-4.565,4.935c0.359,0.307,0.679,0.917,0.679,1.852 c0,1.335-0.012,2.415-0.012,2.741c0,0.269,0.18,0.579,0.688,0.481C19.138,20.161,22,16.416,22,12C22,6.477,17.523,2,12,2z\" \/>\r\n\t<\/SVG> bobbingwide\/oik#221<\/a><\/td><\/tr><\/table><\/div>\n\n\n<h2 class=\"wp-block-heading\">Tested<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tested: With WordPress 6.4.3 and WordPress Multisite<\/li>\n\n\n\n<li>Tested: With PHP 8.3<\/li>\n\n\n\n<li>Tested: With PHPUnit 9.6<\/li>\n<\/ul>\n<div class=\"bw_metadata _oikpv_version\"><span class=\"label _oikpv_version\">Version<\/span><span class=\"sep\">: <\/span><span class=\"value\">4.10.2<\/span><\/div><div class=\"bw_metadata _oikpv_plugin\"><span class=\"label _oikpv_plugin\">Plugin<\/span><span class=\"sep\">: <\/span><span class=\"value\"><a href=\"https:\/\/www.oik-plugins.com\/oik-plugins\/oik\/\">oik <span class=\"summary\">&#8211; oik information kit<\/span><\/a><\/span><\/div><div class=\"bw_taxonomy required_version\"><span class=\"label required_version\">Required version<\/span><span class=\"sep\">: <\/span><a href=\"https:\/\/www.oik-plugins.com\/required_version\/5-0\/5-0-3\/\" rel=\"tag\">5.0.3<\/a><\/div><div class=\"bw_taxonomy compatible_up_to\"><span class=\"label compatible_up_to\">Compatible up to<\/span><span class=\"sep\">: <\/span><a href=\"https:\/\/www.oik-plugins.com\/compatible_up_to\/6-5\/6-5-rc1\/\" rel=\"tag\">6.5-RC1<\/a><\/div>","protected":false},"excerpt":{"rendered":"<p>Update to oik v4.10.2 for a security fix to prevent JavaScript in 
URLs.<\/p>\n","protected":false},"featured_media":8781,"template":"","required_version":[605],"compatible_up_to":[781],"class_list":{"0":"post-41679","1":"oik_pluginversion","2":"type-oik_pluginversion","3":"status-publish","4":"has-post-thumbnail","6":"required_version-5-0-3","7":"compatible_up_to-6-5-rc1","8":"entry"},"acf":[],"yoast_head_json":{"title":"oik v4.10.2 - [oik] plugins.com","description":"oik v4.10.2 contains a security fix for unescaped URLs.","canonical":"https:\/\/www.oik-plugins.com\/oik_pluginversion\/oik-v4-10-2\/","article_modified_time":"2024-03-12T14:36:26+00:00"}}
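The bug class behind this release, as an added illustration that is not code from the oik plugin or from this page: a hypothetical shortcode renderer that writes the `link` attribute straight into `href`, beside the same renderer passing the URL through an escaping step first. The function names (`render_button_vulnerable`, `render_button_fixed`, `safe_url`) and the sample attribute values are constructed for the example. In a WordPress plugin the escaping step would normally be the core `esc_url()` function; `safe_url()` here is a minimal stand-in that models only its scheme allow-list and attribute escaping, and this page does not say which function the actual fix uses.

```php
<?php
// Added illustration, not code from the oik plugin. It models the bug class on
// this page: a shortcode's link attribute written straight into href, versus the
// same renderer escaping the URL first. In a real plugin the escaping step is
// WordPress's esc_url(); safe_url() below is an assumed, minimal stand-in that
// mirrors only the scheme allow-list and attribute-escaping behaviour.

// Hypothetical, vulnerable renderer: the link attribute goes into href unchanged.
function render_button_vulnerable(array $atts): string {
    $link = $atts['link'] ?? '';
    $text = htmlspecialchars($atts['text'] ?? 'Click', ENT_QUOTES, 'UTF-8');
    return '<a class="bw_button" href="' . $link . '">' . $text . '</a>';
}

// Stand-in for esc_url(): reject any URL whose scheme is not on the allow-list,
// after stripping whitespace/control characters that browsers ignore inside a
// scheme name, then escape the result for an HTML attribute context.
function safe_url(string $url): string {
    $allowed = ['http', 'https', 'mailto', 'tel', 'ftp'];
    // Remove characters browsers skip when parsing "java\tscript:" style schemes.
    $url = preg_replace('/[\x00-\x20\x7f]+/', '', $url);
    if ($url === null || $url === '') {
        return '';
    }
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        if (!in_array(strtolower($m[1]), $allowed, true)) {
            return '';          // javascript:, data:, vbscript: ... are rejected
        }
    }
    // Relative URLs (no scheme) pass through; everything is attribute-escaped.
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Hardened renderer: same output shape, link passed through safe_url() first.
function render_button_fixed(array $atts): string {
    $link = safe_url($atts['link'] ?? '');
    $text = htmlspecialchars($atts['text'] ?? 'Click', ENT_QUOTES, 'UTF-8');
    return '<a class="bw_button" href="' . $link . '">' . $text . '</a>';
}

// Constructed sample attributes, as a Contributor could type them into
// [bw_button link="..." text="..."] in a post.
$samples = [
    ['link' => 'https://example.com/?a=1&b=2',             'text' => 'OK'],
    ['link' => 'javascript:alert(document.cookie)',       'text' => 'Click me'],
    ['link' => "java\tscript:alert(1)",                   'text' => 'Tab trick'],
    ['link' => 'data:text/html,<script>alert(1)</script>', 'text' => 'Data URL'],
    ['link' => '/contact/',                               'text' => 'Relative'],
];

foreach ($samples as $atts) {
    echo "vulnerable: ", render_button_vulnerable($atts), PHP_EOL;
    echo "fixed:      ", render_button_fixed($atts), PHP_EOL, PHP_EOL;
}
```

Run with `php example.php`. The point to take from the two outputs: attribute escaping with `htmlspecialchars()` alone would not have stopped the `javascript:` payload, because it contains no characters that entity encoding touches; what makes the fix effective is rejecting the URL by scheme before it reaches `href`. The `java\tscript:` sample shows why whitespace and control characters have to be stripped before the scheme is compared. Whether a rejected link should render as `href=""` (which is what `esc_url()` returning an empty string produces) or omit the anchor entirely is a design choice for the plugin.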