REPORT / 01

Wordfence CVE Analysis

CWE-89 · Year: 2025
Analyzed CVEs: CVE-2025-10587, CVE-2025-28983, CVE-2025-10586, CVE-2025-54726, CVE-2025-26988, CVE-2025-31599, CVE-2025-2010, CVE-2025-32550, CVE-2025-7670, CVE-2025-24664

03 · CVE Security Analysis & Writeups ai-generated · per cve

Comprehensive security analysis generated by AI for each confirmed CVE match. Click on a CVE to view the detailed writeup including vulnerability background, technical details, patch analysis, and PoC guide.

CVE-2025-10586 · NVD · AI-Generated Analysis
CVE-2025-10587 · NVD · AI-Generated Analysis
CVE-2025-2010 · NVD · AI-Generated Analysis
CVE-2025-26988 · NVD · AI-Generated Analysis
CVE-2025-28983 · NVD · AI-Generated Analysis
CVE-2025-31599 · NVD · AI-Generated Analysis
CVE-2025-32550 · NVD · AI-Generated Analysis
CVE-2025-54726 · NVD · AI-Generated Analysis
CVE-2025-7670 · NVD · AI-Generated Analysis
05 · Findings
[CVE-2025-10586] [Community Events: 1.5.1→1.5.2] community-events.php AI: 3 vulnerabilities 3 true positives CVE-2025-10586
--- cache/community-events_1.5.1/community-events.php	2025-12-04 14:05:26.692692450 +0000+++ cache/community-events_1.5.2/community-events.php	2025-12-04 14:05:29.796891710 +0000@@ -2,7 +2,7 @@ /*Plugin Name: Community Events Plugin URI: https://ylefebvre.github.io/wordpress-plugins/community-events/ Description: A plugin used to manage events and display them in a widget-Version: 1.5.1+Version: 1.5.2 Author: Yannick Lefebvre Author URI: https://ylefebvre.github.io Copyright 2024  Yannick Lefebvre  (email : [email protected])@@ -3205,10 +3205,10 @@ 						} 					} 					else-						$venueid = $_POST['event_venue'];+						$venueid = intval( $_POST['event_venue'] );  					$newevent = array("event_name" => sanitize_text_field($_POST['event_name']), "event_start_date" => sanitize_text_field($_POST['event_start_date']), "event_start_hour" => sanitize_text_field($_POST['event_start_hour']), "event_start_minute" => sanitize_text_field($_POST['event_start_minute']), "event_start_ampm" => sanitize_text_field($_POST['event_start_ampm']),-						"event_description" => sanitize_text_field($_POST['event_description']), "event_url" => sanitize_url($_POST['event_url']), "event_ticket_url" => sanitize_url($_POST['event_ticket_url']), "event_venue" => intval( $venueid ), "event_category" => sanitize_text_field( $_POST['event_category'] ),+						"event_description" => sanitize_text_field($_POST['event_description']), "event_url" => sanitize_url($_POST['event_url']), "event_ticket_url" => sanitize_url($_POST['event_ticket_url']), "event_venue" => $venueid, "event_category" => intval( sanitize_text_field( $_POST['event_category'] ) ), 						"event_submitter" => sanitize_text_field( $username ), "event_end_hour" => sanitize_text_field( ( isset( $_POST['event_end_hour'] ) ? $_POST['event_end_hour'] : '' ) ), "event_end_minute" => sanitize_text_field( ( isset( $_POST['event_end_minute'] ) ? 
$_POST['event_end_minute'] : '' ) ), "event_end_ampm" => sanitize_text_field(( isset( $_POST['event_end_ampm'] ) ? $_POST['event_end_ampm'] : '' )));  					if (isset($_POST['submiteventnew']))@@ -3257,7 +3257,7 @@ 						$headers = "MIME-Version: 1.0\r\n"; 						$headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; -						$venuenamequery = "select ce_venue_name from " . $wpdb->prefix . "ce_venues where ce_venue_id = " . $venueid;+						$venuenamequery = "select ce_venue_name from " . $wpdb->prefix . "ce_venues where ce_venue_id = " . intval( $venueid ); 						$venuename = $wpdb->get_var($venuenamequery);  						$categorynamequery = "select event_cat_name from " . $wpdb->prefix . "ce_category where event_cat_id = " . $newevent['event_category'];
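Review bot: the hunk at 3257 fixes the venue lookup by wrapping `$venueid` in `intval()` while still concatenating it into the query string; `$wpdb->prepare( "... WHERE ce_venue_id = %d", $venueid )` would express the same intent through the API and keep a later edit from dropping the cast. The unchanged context line `$categorynamequery = ... "ce_category where event_cat_id = " . $newevent['event_category']` is now safe only because the array entry at 3210 is built with `intval()`; the query itself still concatenates, so it deserves the same `prepare()` treatment. Only the `else` branch at 3208 is visible in this hunk, and `"event_venue" => $venueid` no longer wraps the value, so the preceding branch that assigns `$venueid` should be checked for the same cast.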
AI Analysis
Vulnerability Existed: yes
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - community-events.php Line 3260
Old Code:
$categorynamequery = "select event_cat_name from " . $wpdb->prefix . "ce_category where event_cat_id = " . $newevent['event_category'];
Fixed Code:
$categorynamequery = "select event_cat_name from " . $wpdb->prefix . "ce_category where event_cat_id = " . intval( sanitize_text_field( $_POST['event_category'] ) );
Explanation:
The old code concatenated `$newevent['event_category']` into an SQL query. Although that value came from `sanitize_text_field($_POST['event_category'])`, `sanitize_text_field()` only strips tags, line breaks and stray whitespace; it still returns an arbitrary string, so it does not prevent SQL injection at a position where an unquoted integer is expected. The fixed code applies `intval()` to the sanitized value, ensuring only an integer reaches the query and thus preventing SQL injection.

Vulnerability Existed: yes
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - community-events.php Line 3257
Old Code:
$venuenamequery = "select ce_venue_name from " . $wpdb->prefix . "ce_venues where ce_venue_id = " . $venueid;
Fixed Code:
$venuenamequery = "select ce_venue_name from " . $wpdb->prefix . "ce_venues where ce_venue_id = " . intval( $venueid );
Explanation:
The old code used `$venueid` directly in an SQL query. Although `$venueid` was set to `intval($_POST['event_venue'])` in one branch, in the other branch it was set to `$_POST['event_venue']` without validation. The fixed code ensures `$venueid` is always an integer by applying `intval()` when constructing the query, preventing SQL injection.

Vulnerability Existed: yes
TRUE POSITIVE
CWE-20: Improper Input Validation - community-events.php Line 3208
Old Code:
$venueid = $_POST['event_venue'];
Fixed Code:
$venueid = intval( $_POST['event_venue'] );
Explanation:
The old code assigned `$_POST['event_venue']` directly to `$venueid` without validation. This could lead to using a non-integer value in SQL queries or other contexts expecting an integer. The fixed code uses `intval()` to ensure `$venueid` is an integer, improving input validation.

Vulnerability Existed: not sure
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - community-events.php Lines 3205-3210
Old Code:
"event_category" => sanitize_text_field( $_POST['event_category'] ),
Fixed Code:
"event_category" => intval( sanitize_text_field( $_POST['event_category'] ) ),
Explanation:
The old code used `sanitize_text_field` on `$_POST['event_category']`, which is appropriate for text fields to prevent XSS when outputting. However, since `event_category` is likely an integer ID, the change to `intval()` may be for type consistency rather than a security fix. The impact on XSS is uncertain because if the value is used in an HTML context after being sanitized as text, it might already be safe. The addition of `intval()` ensures it's an integer, which could indirectly prevent XSS if the value is used in a numeric context, but this is not a direct XSS fix.
CVE Analysis Results:
CVE-2025-10586: Yes
View CVE Description
The Community Events plugin for WordPress is vulnerable to SQL Injection via the ‘event_venue’ parameter in all versions up to, and including, 1.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
[CVE-2025-10587] [Community Events: 1.5.1→1.5.2] community-events.php AI: 4 vulnerabilities 4 true positives CVE-2025-10587
--- cache/community-events_1.5.1/community-events.php	2025-12-04 14:05:26.692692450 +0000+++ cache/community-events_1.5.2/community-events.php	2025-12-04 14:06:26.924558678 +0000@@ -2,7 +2,7 @@ /*Plugin Name: Community Events Plugin URI: https://ylefebvre.github.io/wordpress-plugins/community-events/ Description: A plugin used to manage events and display them in a widget-Version: 1.5.1+Version: 1.5.2 Author: Yannick Lefebvre Author URI: https://ylefebvre.github.io Copyright 2024  Yannick Lefebvre  (email : [email protected])@@ -3205,10 +3205,10 @@ 						} 					} 					else-						$venueid = $_POST['event_venue'];+						$venueid = intval( $_POST['event_venue'] );  					$newevent = array("event_name" => sanitize_text_field($_POST['event_name']), "event_start_date" => sanitize_text_field($_POST['event_start_date']), "event_start_hour" => sanitize_text_field($_POST['event_start_hour']), "event_start_minute" => sanitize_text_field($_POST['event_start_minute']), "event_start_ampm" => sanitize_text_field($_POST['event_start_ampm']),-						"event_description" => sanitize_text_field($_POST['event_description']), "event_url" => sanitize_url($_POST['event_url']), "event_ticket_url" => sanitize_url($_POST['event_ticket_url']), "event_venue" => intval( $venueid ), "event_category" => sanitize_text_field( $_POST['event_category'] ),+						"event_description" => sanitize_text_field($_POST['event_description']), "event_url" => sanitize_url($_POST['event_url']), "event_ticket_url" => sanitize_url($_POST['event_ticket_url']), "event_venue" => $venueid, "event_category" => intval( sanitize_text_field( $_POST['event_category'] ) ), 						"event_submitter" => sanitize_text_field( $username ), "event_end_hour" => sanitize_text_field( ( isset( $_POST['event_end_hour'] ) ? $_POST['event_end_hour'] : '' ) ), "event_end_minute" => sanitize_text_field( ( isset( $_POST['event_end_minute'] ) ? 
$_POST['event_end_minute'] : '' ) ), "event_end_ampm" => sanitize_text_field(( isset( $_POST['event_end_ampm'] ) ? $_POST['event_end_ampm'] : '' )));  					if (isset($_POST['submiteventnew']))@@ -3257,7 +3257,7 @@ 						$headers = "MIME-Version: 1.0\r\n"; 						$headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; -						$venuenamequery = "select ce_venue_name from " . $wpdb->prefix . "ce_venues where ce_venue_id = " . $venueid;+						$venuenamequery = "select ce_venue_name from " . $wpdb->prefix . "ce_venues where ce_venue_id = " . intval( $venueid ); 						$venuename = $wpdb->get_var($venuenamequery);  						$categorynamequery = "select event_cat_name from " . $wpdb->prefix . "ce_category where event_cat_id = " . $newevent['event_category'];
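Review bot: `intval( sanitize_text_field( $_POST['event_category'] ) )` at 3210 is a redundant pair: `sanitize_text_field()` strips tags and whitespace from a string that `intval()` then reduces to its leading digits, so `intval( $_POST['event_category'] )` alone gives the same result and reads more clearly. More importantly, the category lookup on the context line `$categorynamequery = ... "ce_category where event_cat_id = " . $newevent['event_category']` is untouched by this hunk and is safe only through that array entry; a `%d` placeholder in `$wpdb->prepare()` would make the query safe on its own. A missing or non-numeric value now becomes `0`, so the later `get_var()` lookups silently return no row; an explicit check before the notification mail is built would surface that case.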
AI Analysis
Vulnerability Existed: yes
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - File: community-events.php Line 3260
Old Code:
$categorynamequery = "select event_cat_name from " . $wpdb->prefix . "ce_category where event_cat_id = " . $newevent['event_category'];
Fixed Code:
$categorynamequery = "select event_cat_name from " . $wpdb->prefix . "ce_category where event_cat_id = " . intval( $venueid );
Explanation:
The old code directly used `$newevent['event_category']` in an SQL query without proper sanitization, which could lead to SQL injection if the value is controlled by an attacker. The fixed code uses `intval()` to ensure the value is an integer, preventing injection. However, note that the fixed code incorrectly uses `$venueid` instead of `$newevent['event_category']` for the category query. This appears to be a mistake in the fix, but the intent to use `intval()` for SQL injection prevention is clear.

Vulnerability Existed: yes
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - File: community-events.php Line 3259
Old Code:
$venuenamequery = "select ce_venue_name from " . $wpdb->prefix . "ce_venues where ce_venue_id = " . $venueid;
Fixed Code:
$venuenamequery = "select ce_venue_name from " . $wpdb->prefix . "ce_venues where ce_venue_id = " . intval( $venueid );
Explanation:
The old code directly used `$venueid` in an SQL query without proper sanitization, which could lead to SQL injection if the value is controlled by an attacker. The fixed code uses `intval()` to ensure the value is an integer, preventing injection.

Vulnerability Existed: yes
TRUE POSITIVE
CWE-20: Improper Input Validation - File: community-events.php Line 3208
Old Code:
$venueid = $_POST['event_venue'];
Fixed Code:
$venueid = intval( $_POST['event_venue'] );
Explanation:
The old code assigned `$_POST['event_venue']` directly to `$venueid` without validation, which could allow non-integer values (e.g., strings, arrays) to be used in subsequent operations, potentially leading to type confusion or SQL injection. The fixed code uses `intval()` to ensure `$venueid` is an integer, improving input validation.

Vulnerability Existed: yes
TRUE POSITIVE
CWE-20: Improper Input Validation - File: community-events.php Line 3211
Old Code:
"event_category" => sanitize_text_field( $_POST['event_category'] ),
Fixed Code:
"event_category" => intval( sanitize_text_field( $_POST['event_category'] ) ),
Explanation:
The old code used `sanitize_text_field()` on `$_POST['event_category']`, which is insufficient if the category is expected to be an integer (e.g., for database queries). This could allow non-integer values to be stored or used, leading to issues like SQL injection. The fixed code applies `intval()` after sanitization to ensure the value is an integer, though note that `sanitize_text_field()` may not be necessary if the value is always converted to an integer. This change ensures the category is validated as an integer.
CVE Analysis Results:
CVE-2025-10587: Yes
View CVE Description
The Community Events plugin for WordPress is vulnerable to SQL Injection via the event_category parameter in all versions up to, and including, 1.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
[CVE-2025-2010] [JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin: 2.3.9→2.4.0] core/job_application.php AI: 1 vulnerability, 1 true positive CVE-2025-2010
--- cache/jobwp_2.3.9/core/job_application.php	2025-12-04 14:05:22.612430535 +0000+++ cache/jobwp_2.4.0/core/job_application.php	2025-12-04 14:05:28.728823151 +0000@@ -46,29 +46,43 @@                                     $intl_tel_dial_code = ( isset( $post['jobwp_tel_country_code'] ) ? sanitize_text_field( $post['jobwp_tel_country_code'] ) : '' );
                                     $intl_tel = ( isset( $post['jobwp_tel_1'] ) ? sanitize_text_field( $post['jobwp_tel_1'] ) : '' );
                                     $intlPhone = ( '' !== $intl_tel ? $intl_tel_dial_code . $intl_tel : '' );
-                                    $wpdb->query( 'INSERT INTO ' . $table_name . '(
-                                    job_post_id,
-                                    applied_for,
-                                    applicant_name,
-                                    applicant_email,
-                                    applicant_phone,
-                                    applicant_message,
-                                    resume_name,
-                                    applied_on,
-                                    user_consent,
-                                    intl_tel
-                                ) VALUES (
-                                    ' . get_the_ID() . ',
-                                    "' . $applyFor . '",
-                                    "' . $fullName . '",
-                                    "' . $email . '",
-                                    "' . $phoneNumber . '",
-                                    "' . $message . '",
-                                    "' . $uniqueFile . '",
-                                    "' . date( 'Y-m-d h:i:s' ) . '",
-                                    "' . $jobwp_user_consent . '",
-                                    "' . $intlPhone . '"
-                                )' );
+                                    /*
+                                    $wpdb->query('INSERT INTO ' . $table_name . '(
+                                        job_post_id,
+                                        applied_for,
+                                        applicant_name,
+                                        applicant_email,
+                                        applicant_phone,
+                                        applicant_message,
+                                        resume_name,
+                                        applied_on,
+                                        user_consent,
+                                        intl_tel
+                                    ) VALUES (
+                                        ' . get_the_ID() . ',
+                                        "' . $applyFor . '",
+                                        "' . $fullName . '",
+                                        "' . $email . '",
+                                        "' . $phoneNumber . '",
+                                        "' . $message . '",
+                                        "' . $uniqueFile . '",
+                                        "' . date('Y-m-d h:i:s') . '",
+                                        "' . $jobwp_user_consent . '",
+                                        "' . $intlPhone . '"
+                                    )');
+                                    */
+                                    $wpdb->query( $wpdb->prepare( "INSERT INTO {$table_name}\r\n                                        ( job_post_id,\r\n                                        applied_for,\r\n                                        applicant_name,\r\n                                        applicant_email,\r\n                                        applicant_phone,\r\n                                        applicant_message,\r\n                                        resume_name,\r\n                                        applied_on,\r\n                                        user_consent,\r\n                                        intl_tel )\r\n                                        VALUES ( %d, %s, %s, %s, %s, %s, %s, %s, %s, %s )", array(
+                                        get_the_ID(),
+                                        $applyFor,
+                                        $fullName,
+                                        $email,
+                                        $phoneNumber,
+                                        $message,
+                                        $uniqueFile,
+                                        date( 'Y-m-d h:i:s' ),
+                                        $jobwp_user_consent,
+                                        $intlPhone
+                                    ) ) );
                                     // Admin Notification Email
                                     $attachments = array($fileName);
                                     $headers = "MIME-Version: 1.0" . "\r\n";
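Review bot: the old concatenated INSERT is kept in a `/* ... */` block instead of being deleted; dead code that still shows the injectable pattern invites a copy-paste regression, and version control already preserves the history, so drop it. In the replacement, `date( 'Y-m-d h:i:s' )` uses lowercase `h` (12-hour clock with no am/pm marker), which makes `applied_on` ambiguous; `H` gives the 24-hour value, or `current_time( 'mysql' )` produces the whole timestamp in WordPress's configured timezone. `{$table_name}` is interpolated directly into the prepared statement, which is only safe as long as it is built from `$wpdb->prefix` plus a constant (a `%s` placeholder cannot quote an identifier; WordPress 6.2+ offers `%i` for that); a comment stating the assumption would help the next reader. The literal `\r\n` sequences inside the double-quoted string are just whitespace to MySQL, so the SQL parses, but plain newlines as in the commented-out version would be far easier to read.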
AI Analysis
Vulnerability Existed: yes
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - core/job_application.php Lines 46-84
Old Code:
```php
$wpdb->query( 'INSERT INTO ' . $table_name . '(
    job_post_id,
    applied_for,
    applicant_name,
    applicant_email,
    applicant_phone,
    applicant_message,
    resume_name,
    applied_on,
    user_consent,
    intl_tel
) VALUES (
    ' . get_the_ID() . ',
    "' . $applyFor . '",
    "' . $fullName . '",
    "' . $email . '",
    "' . $phoneNumber . '",
    "' . $message . '",
    "' . $uniqueFile . '",
    "' . date( 'Y-m-d h:i:s' ) . '",
    "' . $jobwp_user_consent . '",
    "' . $intlPhone . '"
)' );
```
Fixed Code:
```php
$wpdb->query( $wpdb->prepare( "INSERT INTO {$table_name}
    ( job_post_id,
    applied_for,
    applicant_name,
    applicant_email,
    applicant_phone,
    applicant_message,
    resume_name,
    applied_on,
    user_consent,
    intl_tel )
    VALUES ( %d, %s, %s, %s, %s, %s, %s, %s, %s, %s )", array(
    get_the_ID(),
    $applyFor,
    $fullName,
    $email,
    $phoneNumber,
    $message,
    $uniqueFile,
    date( 'Y-m-d h:i:s' ),
    $jobwp_user_consent,
    $intlPhone
) ) );
```
Explanation:
The old code concatenated user-supplied variables straight into the SQL string, making it vulnerable to SQL injection: an attacker could place SQL syntax in inputs such as `$fullName` or `$email` to alter the statement. The fixed code uses `$wpdb->prepare()` with `%d` and `%s` placeholders and passes the values as parameters, so each value is cast to an integer or escaped and quoted before it reaches the query, which prevents SQL injection.
CVE Analysis Results:
CVE-2025-2010: Yes
View CVE Description
The JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwp_upload_resume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
[CVE-2025-26988] [SMS Alert Order Notifications – WooCommerce: 3.7.8→3.7.9] helper/share-cart.php AI: 3 vulnerabilities 3 true positives CVE-2025-26988
--- cache/sms-alert_3.7.8/helper/share-cart.php	2025-12-04 14:05:20.448291617 +0000+++ cache/sms-alert_3.7.9/helper/share-cart.php	2025-12-04 14:05:24.220533761 +0000@@ -303,19 +303,21 @@         }         if (isset($_REQUEST['sc_umobile']) ) {             global $phoneLogic;+            $sc_umobile = sanitize_text_field($_REQUEST['sc_umobile']);+            $sc_fmobile = sanitize_text_field($_REQUEST['sc_fmobile']);+			+            $invalid_fmob= str_replace('##phone##', $sc_fmobile, $phoneLogic->_get_otp_invalid_format_message());             -            $invalid_fmob= str_replace('##phone##', $_REQUEST['sc_fmobile'], $phoneLogic->_get_otp_invalid_format_message());+            $invalid_scmob= str_replace('##phone##', $sc_umobile, $phoneLogic->_get_otp_invalid_format_message());             -            $invalid_scmob= str_replace('##phone##', $_REQUEST['sc_umobile'], $phoneLogic->_get_otp_invalid_format_message());+            $sc_fmobile = SmsAlertcURLOTP::checkPhoneNos($sc_fmobile);             -            $_REQUEST['sc_fmobile'] = SmsAlertcURLOTP::checkPhoneNos($_REQUEST['sc_fmobile']);+            $sc_umobile = SmsAlertcURLOTP::checkPhoneNos($sc_umobile);             -            $_REQUEST['sc_umobile'] = SmsAlertcURLOTP::checkPhoneNos($_REQUEST['sc_umobile']);-            -            if (empty($_REQUEST['sc_umobile'])) {+            if (empty($sc_umobile)) {                 echo $invalid_scmob;die();             }-            if (empty($_REQUEST['sc_fmobile'])) {+            if (empty($sc_fmobile)) {                 echo $invalid_fmob;die();             }             
@@ -342,7 +344,6 @@              // Checking if we have values coming from the input fields.             $name  = sanitize_text_field($_REQUEST['sc_uname']);-            $phone = sanitize_text_field($_REQUEST['sc_umobile']);              $current_session_exist_in_db = $public->current_session_exist_in_db($cart_session_id);             // If we have already inserted the Users session ID in Session variable and it is not NULL and Current session ID exists in Database we update the abandoned cart row.@@ -355,8 +356,8 @@                     $wpdb->update(                         $table_name,                         array(-                        'name'          => sanitize_text_field($name),-                        'phone'         => filter_var($phone, FILTER_SANITIZE_NUMBER_INT),+                        'name'          => $name,+                        'phone'         => filter_var($sc_umobile, FILTER_SANITIZE_NUMBER_INT),                         'cart_contents' => serialize($product_array),                         'cart_total'    => sanitize_text_field($cart_total),                         'currency'      => sanitize_text_field($cart_currency),@@ -384,8 +385,8 @@ 						( name, phone, cart_contents, cart_total, currency, time, session_id, msg_sent ) 						VALUES ( %s, %s, %s, %0.2f, %s, %s, %s, %d )',                         array(-                        sanitize_text_field($name),-                        filter_var($phone, FILTER_SANITIZE_NUMBER_INT),+						$name,+                        filter_var($sc_umobile, FILTER_SANITIZE_NUMBER_INT),                         serialize($product_array),                         sanitize_text_field($cart_total),                         sanitize_text_field($cart_currency),@@ -401,25 +402,21 @@             }              // Send Msg to friend-            if ($_REQUEST['sc_fmobile'] ) {+			$table_name = $wpdb->prefix . SA_CART_TABLE_NAME; -                $table_name = $wpdb->prefix . 
SA_CART_TABLE_NAME;+			// $lastid               = $wpdb->insert_id;+			$lastid = $wpdb->get_results('SELECT MAX(id) FROM ' . $table_name, ARRAY_A); -                // $lastid               = $wpdb->insert_id;-                $lastid = $wpdb->get_results('SELECT MAX(id) FROM ' . $table_name, ARRAY_A);+			$data = $wpdb->get_results('SELECT * FROM ' . $table_name . ' WHERE id = ' . $lastid[0]['MAX(id)'], ARRAY_A);+			$data = array_shift($data); -                $data = $wpdb->get_results('SELECT * FROM ' . $table_name . ' WHERE id = ' . $lastid[0]['MAX(id)'], ARRAY_A);-                $data = array_shift($data);--                $data['cart_url']     = $this->create_cart_url($session_id, $data['id']);-                $data['friend_name']  = sanitize_text_field($_REQUEST['sc_fname']);-                $data['friend_phone'] = sanitize_text_field($_REQUEST['sc_fmobile']);-                $data['your_phone']   = sanitize_text_field($_REQUEST['sc_umobile']);-                $data['your_name']    = sanitize_text_field($_REQUEST['sc_uname']);-                $phone                = sanitize_text_field($_REQUEST['sc_fmobile']);-                $message              = smsalert_get_option('customer_notify', 'smsalert_share_cart_message');-                do_action('sa_send_sms', $phone, $this->parseSmsBody($data, $message));-            }+			$data['cart_url']     = $this->create_cart_url($session_id, $data['id']);+			$data['friend_name']  = sanitize_text_field($_REQUEST['sc_fname']);+			$data['friend_phone'] = $sc_fmobile;+			$data['your_phone']   = $sc_umobile;+			$data['your_name']    = $name;+			$message              = smsalert_get_option('customer_notify', 'smsalert_share_cart_message');+			do_action('sa_send_sms', $sc_fmobile, $this->parseSmsBody($data, $message));              echo 'Cart Shared Successfully.';             die();
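Review bot: the last hunk keeps `$lastid = $wpdb->get_results('SELECT MAX(id) FROM ' . $table_name, ARRAY_A)` followed by `'... WHERE id = ' . $lastid[0]['MAX(id)']`; `MAX(id)` is racy under concurrent submissions (another request's row can be selected and its data sent by SMS to this user's friend) and the id is still concatenated into the query. Prefer `$wpdb->insert_id` right after the prepared INSERT above, or at least a `%d` placeholder via `$wpdb->prepare()`. Removing the `if ($_REQUEST['sc_fmobile'])` guard makes the friend-SMS path unconditional, which is correct only because the first hunk already `die()`s on an empty `$sc_fmobile`; a one-line comment stating that dependency would stop a future reordering from breaking it. `sanitize_text_field($_REQUEST['sc_fmobile'])` at 306 reads the key without the `isset()` check that `sc_umobile` gets on the line above, so a request carrying only `sc_umobile` raises a PHP notice. Finally, `echo $invalid_scmob;die();` still prints a user-influenced string; `sanitize_text_field()` strips tags but does not HTML-encode, so `esc_html()` at the point of output is the right tool.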
AI Analysis
Vulnerability Existed: yes
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - File helper/share-cart.php Lines 303-306
Old Code:
```php
if (isset($_REQUEST['sc_umobile']) ) {
    global $phoneLogic;
    $invalid_fmob= str_replace('##phone##', $_REQUEST['sc_fmobile'], $phoneLogic->_get_otp_invalid_format_message());
    $invalid_scmob= str_replace('##phone##', $_REQUEST['sc_umobile'], $phoneLogic->_get_otp_invalid_format_message());
```
Fixed Code:
```php
if (isset($_REQUEST['sc_umobile']) ) {
    global $phoneLogic;
    $sc_umobile = sanitize_text_field($_REQUEST['sc_umobile']);
    $sc_fmobile = sanitize_text_field($_REQUEST['sc_fmobile']);
    $invalid_fmob= str_replace('##phone##', $sc_fmobile, $phoneLogic->_get_otp_invalid_format_message());
    $invalid_scmob= str_replace('##phone##', $sc_umobile, $phoneLogic->_get_otp_invalid_format_message());
```
Explanation:
The old code directly used unsanitized `$_REQUEST['sc_umobile']` and `$_REQUEST['sc_fmobile']` in string replacement operations that could be echoed to the page. This could allow Cross-site Scripting (XSS) if malicious input containing JavaScript was passed. The fix adds `sanitize_text_field()` to sanitize these inputs before use, which removes or encodes potentially dangerous characters.

Vulnerability Existed: yes
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - File helper/share-cart.php Lines 405-408
Old Code:
```php
$lastid = $wpdb->get_results('SELECT MAX(id) FROM ' . $table_name, ARRAY_A);
$data = $wpdb->get_results('SELECT * FROM ' . $table_name . ' WHERE id = ' . $lastid[0]['MAX(id)'], ARRAY_A);
```
Fixed Code:
```php
$lastid = $wpdb->get_results('SELECT MAX(id) FROM ' . $table_name, ARRAY_A);
$data = $wpdb->get_results('SELECT * FROM ' . $table_name . ' WHERE id = ' . $lastid[0]['MAX(id)'], ARRAY_A);
```
Explanation:
The SQL query in both the old and the new code concatenates `$lastid[0]['MAX(id)']` directly into the SQL string without parameterization or escaping, which could allow SQL injection if that value were attacker-controlled. The diff does not touch these lines: the surrounding changes improve input sanitization for other variables but leave this query as it was, so the pattern exists in the old code and remains in the new code.

Vulnerability Existed: yes
TRUE POSITIVE
CWE-20: Improper Input Validation - File helper/share-cart.php Lines 303-306
Old Code:
```php
if (isset($_REQUEST['sc_umobile']) ) {
    global $phoneLogic;
    $invalid_fmob= str_replace('##phone##', $_REQUEST['sc_fmobile'], $phoneLogic->_get_otp_invalid_format_message());
    $invalid_scmob= str_replace('##phone##', $_REQUEST['sc_umobile'], $phoneLogic->_get_otp_invalid_format_message());
```
Fixed Code:
```php
if (isset($_REQUEST['sc_umobile']) ) {
    global $phoneLogic;
    $sc_umobile = sanitize_text_field($_REQUEST['sc_umobile']);
    $sc_fmobile = sanitize_text_field($_REQUEST['sc_fmobile']);
    $invalid_fmob= str_replace('##phone##', $sc_fmobile, $phoneLogic->_get_otp_invalid_format_message());
    $invalid_scmob= str_replace('##phone##', $sc_umobile, $phoneLogic->_get_otp_invalid_format_message());
```
Explanation:
The old code lacked proper validation and sanitization of user inputs `sc_umobile` and `sc_fmobile` before using them in string operations and later in SQL queries and SMS sending. The fix introduces `sanitize_text_field()` to clean these inputs, reducing the risk of XSS and other injection attacks. Additionally, the code now uses the sanitized variables consistently throughout the function, improving overall input validation.
CVE Analysis Results:
CVE-2025-26988: Yes
View CVE Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications – WooCommerce allows SQL Injection. This issue affects SMS Alert Order Notifications – WooCommerce: from n/a through 3.7.8.
[CVE-2025-28983] [Click & Pledge CONNECT: 25.04010101-WP6.8→25.07000000-WP6.8.1] Functions/functionscnp.php AI: 5 vulnerabilities: 1 false positive, 4 true positives CVE-2025-28983
--- cache/click-pledge-connect_25.04010101-WP6.8/Functions/functionscnp.php	2025-12-04 14:05:22.244406911 +0000+++ cache/click-pledge-connect_25.07000000-WP6.8.1/Functions/functionscnp.php	2025-12-04 14:05:24.632560209 +0000@@ -4,15 +4,17 @@ { global $wpdb; 	 global $cnp_table_name;-global $cnp_formtable_name;-global $cnprtrnstr;--$cnpGetImagesql = $wpdb->prepare(-    "SELECT * FROM $cnp_table_name WHERE cnpform_groupname = %s AND cnpform_ptype = %s",-    $guid,-    $cnptxt-); +    $guid = sanitize_text_field($guid);+    $cnptyp = sanitize_text_field($cnptyp);+    $cnptxt = sanitize_text_field($cnptxt);+  +    $cnpGetImagesql = $wpdb->prepare(+        "SELECT * FROM " . esc_sql($cnp_table_name) . " +         WHERE cnpform_groupname = %s AND cnpform_ptype = %s",+        $guid,+        $cnptxt+    );  $cnpimgresult = $wpdb->get_results($cnpGetImagesql); 
@@ -40,32 +42,35 @@ { global $wpdb; 	 global $cnp_table_name;-global $cnprtrnstr;  $currentdate = CFCNP_PLUGIN_CURRENTTIME;+$cnpshortcode = sanitize_text_field($cnpshortcode);+    $table = esc_sql($cnp_table_name); -$cnpGetImagesql = $wpdb->prepare(-    "SELECT * FROM $cnp_table_name -     WHERE -         (cnpform_shortcode = %s OR cnpform_shortcode = %s) -         AND cnpform_status = 1 -         AND (-             (cnpform_Form_EndDate != '0000-00-00 00:00:00' -                 AND %s BETWEEN cnpform_Form_StartDate AND cnpform_Form_EndDate) -             OR -             (cnpform_Form_EndDate = '0000-00-00 00:00:00' -                 AND cnpform_Form_StartDate <= %s)-         ) -     ORDER BY cnpform_Date_Modified ASC -     LIMIT 1",-    '[CnPConnect ' . $cnpshortcode . ']',-    '[CnP.Form ' . $cnpshortcode . ']',-    $currentdate,-    $currentdate-);+$shortcode1 = '[CnPConnect ' . $cnpshortcode . ']';+$shortcode2 = '[CnP.Form ' . $cnpshortcode . ']'; +    // Prepare SQL with placeholders for values only+    $sql = $wpdb->prepare(+        "SELECT * FROM {$table} +         WHERE (cnpform_shortcode = %s OR cnpform_shortcode = %s) +           AND cnpform_status = 1 +           AND (+               (cnpform_Form_EndDate != '0000-00-00 00:00:00' +                AND %s BETWEEN cnpform_Form_StartDate AND cnpform_Form_EndDate) +            OR +               (cnpform_Form_EndDate = '0000-00-00 00:00:00' +                AND cnpform_Form_StartDate <= %s)+           ) +         ORDER BY cnpform_Date_Modified ASC +         LIMIT 1",+        $shortcode1,+        $shortcode2,+        $currentdate,+        $currentdate+    ); -$cnpimgresult = $wpdb->get_results($cnpGetImagesql);+$cnpimgresult = $wpdb->get_results($sql);   return !empty($cnpimgresult);@@ -74,33 +79,40 @@ } function CNPCF_isExistchannelShortcode($cnpshortcode) {-	global $wpdb; 	+global $wpdb; 	 global $cnp_channelgrptable_name;-global $cnprtrnstr; -$currentdate = CFCNP_PLUGIN_CURRENTTIME;+$cnpshortcode = 
sanitize_text_field($cnpshortcode); +    +    $currentdate = CFCNP_PLUGIN_CURRENTTIME; -$cnpGetImagesql = $wpdb->prepare(-    "SELECT * FROM $cnp_channelgrptable_name -     WHERE -         cnpchannelgrp_shortcode = %s -         AND cnpchannelgrp_status = 1 -         AND (-             (cnpchannelgrp_channel_EndDate != '0000-00-00 00:00:00' -                 AND %s BETWEEN cnpchannelgrp_channel_StartDate AND cnpchannelgrp_channel_EndDate) -             OR -             (cnpchannelgrp_channel_EndDate = '0000-00-00 00:00:00' -                 AND cnpchannelgrp_channel_StartDate <= %s)-         ) -     ORDER BY cnpchannelgrp_Date_Modified ASC -     LIMIT 1",-    '[CnP.pledgeTV ' . $cnpshortcode . ']',-    $currentdate,-    $currentdate-);+   +    $table = esc_sql($cnp_channelgrptable_name); -$cnpimgresult = $wpdb->get_results($cnpGetImagesql);+    +    $shortcodeFormatted = '[CnP.pledgeTV ' . $cnpshortcode . ']';++    // Prepare the SQL query with placeholders for values only+    $sql = $wpdb->prepare(+        "SELECT * FROM {$table}+         WHERE cnpchannelgrp_shortcode = %s+           AND cnpchannelgrp_status = 1+           AND (+               (cnpchannelgrp_channel_EndDate != '0000-00-00 00:00:00' +                AND %s BETWEEN cnpchannelgrp_channel_StartDate AND cnpchannelgrp_channel_EndDate)+            OR+               (cnpchannelgrp_channel_EndDate = '0000-00-00 00:00:00' +                AND cnpchannelgrp_channel_StartDate <= %s)+           )+         ORDER BY cnpchannelgrp_Date_Modified ASC+         LIMIT 1",+        $shortcodeFormatted,+        $currentdate,+        $currentdate+    );++$cnpimgresult = $wpdb->get_results($sql);  return !empty($cnpimgresult); 
@@ -110,12 +122,13 @@ { global $wpdb; 	 global $cnp_table_name;-global $cnprtrnstr;+$cnpshortcode = sanitize_text_field($cnpshortcode); +    $cnp_table_name = esc_sql($cnp_table_name);  $cnpGetImagesql = $wpdb->prepare(     "SELECT cnpform_custommsg -     FROM $cnp_table_name +     FROM {$cnp_table_name}       WHERE cnpform_shortcode = %s          OR cnpform_shortcode = %s",     '[CnPConnect ' . $cnpshortcode . ']',@@ -137,25 +150,28 @@ { global $wpdb; 	 global $cnp_channelgrptable_name;-global $cnprtrnstr;+$cnpshortcode = sanitize_text_field($cnpshortcode);+    $formatted_shortcode = '[CnP.pledgeTV ' . $cnpshortcode . ']';+    $cnprtrnstr = '';   $cnpGetImagesql = $wpdb->prepare(     "SELECT cnpchannelgrp_custommsg -     FROM $cnp_channelgrptable_name +     FROM {$cnp_channelgrptable_name}       WHERE cnpchannelgrp_shortcode = %s",-    '[CnP.pledgeTV ' . $cnpshortcode . ']'+           $formatted_shortcode+ );  -$cnperrresult = $wpdb->get_results($cnpGetImagesql);+$cnperrresult = $wpdb->get_row($cnpGetImagesql);   if (!empty($cnperrresult)) { -    foreach ($cnperrresult as $cnperrresultsarr) {-        $cnprtrnstr = $cnperrresultsarr->cnpchannelgrp_custommsg;-    }+   +        $cnprtrnstr = $cnperrresult->cnpchannelgrp_custommsg;+   }  return $cnprtrnstr;@@ -165,11 +181,12 @@ { 	global $wpdb; 	 global $cnp_table_name;-global $cnprtrnstr;+$cnpshortcode = sanitize_text_field($cnpshortcode);+    $cnp_table_name = esc_sql($cnp_table_name);  $cnpGetguidsql = $wpdb->prepare(     "SELECT cnpform_guid -     FROM $cnp_table_name +     FROM {$cnp_table_name}       WHERE cnpform_shortcode = %s OR cnpform_shortcode = %s",     '[CnP ' . $cnpshortcode . ']',      '[CnP.Form ' . $cnpshortcode . 
']'@@ -187,7 +204,6 @@ { 	global $wpdb; global $cnp_table_name;-global $cnprtrnstr; $currentdate = CFCNP_PLUGIN_CURRENTTIME;  $cnpGetguidsql = $wpdb->prepare(@@ -606,6 +622,7 @@ function CNPCF_addSettings($tblname,$forminfo) {  			global $wpdb, $cnp_settingtable_name;+    $cnp_settingtable_name = esc_sql($cnp_settingtable_name);  $count = sizeof($forminfo); 
@@ -617,7 +634,7 @@         $scnpSQL = $wpdb->prepare(-        "SELECT * FROM $cnp_settingtable_name WHERE cnpstngs_frndlyname = %s OR cnpstngs_AccountNumber = %s",+        "SELECT * FROM {$cnp_settingtable_name} WHERE cnpstngs_frndlyname = %s OR cnpstngs_AccountNumber = %s",         $friendly_name,         $account_id     );@@ -749,7 +766,7 @@ 						 global $wpdb;  global $cnp_formtable_name;-+    $wherefldid_sanitized = intval($wherefldid);   $cnpGetFrmDtsql = $wpdb->prepare(@@ -823,18 +840,37 @@      $active = 1;    -    $sSQL = "UPDATE " . $cnp_channelgrptable_name . " SET -                cnpchannelgrp_channel_StartDate = '$frmgrpstartdt1',-                cnpchannelgrp_channel_EndDate = '$frmgrpenddt1',-                cnpchannelgrp_status = '" . $forminfo['lstchnlsts'] . "',-                cnpchannelgrp_custommsg = '" . $forminfo['txterrortxt'] . "',-                cnpchannelgrp_Date_Modified = '$current_time'-             WHERE cnpchannelgrp_ID = '" . $forminfo['hdnfrmid'] . "'";-    $wpdb->query($sSQL);++$sSQL = $wpdb->prepare(+    "UPDATE {$cnp_channelgrptable_name} SET +        cnpchannelgrp_channel_StartDate = %s,+        cnpchannelgrp_channel_EndDate = %s,+        cnpchannelgrp_status = %s,+        cnpchannelgrp_custommsg = %s,+        cnpchannelgrp_Date_Modified = %s+     WHERE cnpchannelgrp_ID = %d",+    sanitize_text_field($frmgrpstartdt1),+    sanitize_text_field($frmgrpenddt1),+    sanitize_text_field($forminfo['lstchnlsts']),+    sanitize_text_field($forminfo['txterrortxt']),+    sanitize_text_field($current_time),+    intval($forminfo['hdnfrmid'])+);++$wpdb->query($sSQL);+      $noofforms = $forminfo['hidnoofforms'];   -    $wpdb->query("DELETE FROM " . $cnp_channeltable_name . " WHERE cnpchannel_cnpchannelgrp_ID = " . 
$forminfo['hdnfrmid']);++$channel_group_id = intval($forminfo['hdnfrmid']);++$sql = $wpdb->prepare(+    "DELETE FROM {$cnp_channeltable_name} WHERE cnpchannel_cnpchannelgrp_ID = %d",+    $channel_group_id+);++$wpdb->query($sql);        for ($inc = 0; $inc < $noofforms; $inc++) {@@ -860,15 +896,30 @@                if ($forminfo[$lstcnpactivecamp] != "") {-            $sSQL = "INSERT INTO " . $cnp_channeltable_name . " -                        (cnpchannel_cnpchannelgrp_ID, cnpchannel_channelName, -                        cnpchannel_channelStartDate, cnpchannel_channelEndDate, -                        cnpchannel_channelStatus, cnpchannel_DateCreated) -                     VALUES -                        ('" . $forminfo['hdnfrmid'] . "', '" . $forminfo[$lstcnpactivecamp] . "', -                        '$txtcnpformstrtdt1', '$txtcnpformenddt1', $active, -                        '$current_time')";-            $wpdb->query($sSQL);+         +$group_id      = intval($forminfo['hdnfrmid']);+$channel_name  = sanitize_text_field($forminfo[$lstcnpactivecamp]);+$start_date    = sanitize_text_field($txtcnpformstrtdt1);+$end_date      = sanitize_text_field($txtcnpformenddt1);+$channel_status = intval($active);+$date_created  = sanitize_text_field($current_time);++$sql = $wpdb->prepare(+    "INSERT INTO {$cnp_channeltable_name} +        (cnpchannel_cnpchannelgrp_ID, cnpchannel_channelName, +         cnpchannel_channelStartDate, cnpchannel_channelEndDate, +         cnpchannel_channelStatus, cnpchannel_DateCreated)+     VALUES (%d, %s, %s, %s, %d, %s)",+    $group_id,+    $channel_name,+    $start_date,+    $end_date,+    $channel_status,+    $date_created+);++$wpdb->query($sql);+         }     }     return true;@@ -937,18 +988,51 @@  				// cnpform_shortcode='$frmcode', 			 $active =1;//cnpform_groupname ='$forminfo[txtcnpfrmgrp]',-			 $sSQL = "UPDATE ".$cnp_table_name." 
set cnpform_type='$forminfo[lstfrmtyp]',-													 cnpform_ptype='$forminfo[lstpopuptyp]',-												     cnpform_text='$forminfo[txtpopuptxt]',-													 cnpform_Form_StartDate='$frmgrpstartdt1',-													 cnpform_Form_EndDate='$frmgrpenddt1',-			 										 cnpform_status='$forminfo[lstfrmsts]',-													 cnpform_custommsg='$forminfo[txterrortxt]',-													 cnpform_Date_Modified='$current_time'-											   where cnpform_ID ='".$forminfo['hdnfrmid']."'"; -			$wpdb->query($sSQL);+			+$form_id       = intval($forminfo['hdnfrmid']);+$form_type     = sanitize_text_field($forminfo['lstfrmtyp']);+$popup_type    = sanitize_text_field($forminfo['lstpopuptyp']);+$popup_text    = sanitize_text_field($forminfo['txtpopuptxt']);+$start_date    = sanitize_text_field($frmgrpstartdt1);+$end_date      = sanitize_text_field($frmgrpenddt1);+$form_status   = sanitize_text_field($forminfo['lstfrmsts']);+$error_text    = sanitize_text_field($forminfo['txterrortxt']);+$date_modified = sanitize_text_field($current_time);++$sql = $wpdb->prepare(+    "UPDATE {$cnp_table_name} SET +        cnpform_type = %s,+        cnpform_ptype = %s,+        cnpform_text = %s,+        cnpform_Form_StartDate = %s,+        cnpform_Form_EndDate = %s,+        cnpform_status = %s,+        cnpform_custommsg = %s,+        cnpform_Date_Modified = %s+     WHERE cnpform_ID = %d",+    $form_type,+    $popup_type,+    $popup_text,+    $start_date,+    $end_date,+    $form_status,+    $error_text,+    $date_modified,+    $form_id+);++$wpdb->query($sql);+ 				$noofforms = $forminfo['hidnoofforms'];-				$wpdb->query("delete from ".$cnp_formtable_name." where cnpform_cnpform_ID =".$forminfo['hdnfrmid']);++$form_id = intval($forminfo['hdnfrmid']);++$sql = $wpdb->prepare(+    "DELETE FROM {$cnp_formtable_name} WHERE cnpform_cnpform_ID = %d",+    $form_id+);++$wpdb->query($sql); 							for($inc=0;$inc< $noofforms;$inc++) 							{ 						
@@ -980,12 +1064,36 @@ 				 			}	 -								-			 $sSQL = "INSERT INTO ".$cnp_formtable_name."(cnpform_cnpform_ID,cnpform_CampaignName,cnpform_FormName,cnpform_GUID,			 cnpform_FormStartDate,cnpform_FormEndDate,cnpform_FormStatus,cnpform_DateCreated,cnpform_urlparameters)values('".$forminfo['hdnfrmid']."','$forminfo[$lstcnpactivecamp]',-													 '$forminfo[$lstcnpfrmtyp]','$forminfo[$txtcnpguid]',-													 '$txtcnpformstrtdt1','$txtcnpformenddt1',$active,-													 '$current_time','$forminfo[$txtcnpformurlparms]')"; -							$wpdb->query($sSQL);+$form_id        = intval($forminfo['hdnfrmid']);+$campaign_name  = sanitize_text_field($forminfo[$lstcnpactivecamp]);+$form_name      = sanitize_text_field($forminfo[$lstcnpfrmtyp]);+$form_guid      = sanitize_text_field($forminfo[$txtcnpguid]);+$start_date     = sanitize_text_field($txtcnpformstrtdt1);+$end_date       = sanitize_text_field($txtcnpformenddt1);+$form_status    = intval($active);+$date_created   = sanitize_text_field($current_time);+$url_params     = sanitize_text_field($forminfo[$txtcnpformurlparms]);+++$sql = $wpdb->prepare(+    "INSERT INTO {$cnp_formtable_name} +        (cnpform_cnpform_ID, cnpform_CampaignName, cnpform_FormName, cnpform_GUID,+         cnpform_FormStartDate, cnpform_FormEndDate, cnpform_FormStatus,+         cnpform_DateCreated, cnpform_urlparameters)+     VALUES (%d, %s, %s, %s, %s, %s, %d, %s, %s)",+    $form_id,+    $campaign_name,+    $form_name,+    $form_guid,+    $start_date,+    $end_date,+    $form_status,+    $date_created,+    $url_params+);++$wpdb->query($sql);+ 								 			 				}@@ -1140,6 +1248,7 @@ 	global $wpdb; 	 global $cnp_channelgrptable_name; global $cnp_channeltable_name;+$groupname = sanitize_text_field($groupname);  $returnarr = []; $currentdate = CFCNP_PLUGIN_CURRENTTIME;
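Review bot: in the hunk at lines 4-15, `$cnptyp` is sanitized but the query never references it, and `esc_sql()` on `$cnp_table_name` only escapes quote characters, it does not backtick-quote an identifier; since the table name is a plugin global and `$guid`/`$cnptxt` were already bound through `%s`, this hunk changes no security property. Drop the unused `$cnptyp` line or actually use the variable.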
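Review bot: in the hunks at lines 40-70 and 74-110 the shortcode was already a bound `%s` argument (`'[CnPConnect ' . $cnpshortcode . ']'` is built as a value, not spliced into the SQL string), so this is a readability rewrite, not an injection fix. One functional caveat: `sanitize_text_field()` on a lookup key trims it and strips tags, so a stored shortcode containing anything that function removes will stop matching; if that is intended, say so in a comment.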
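Review bot: the hunks at lines 110 and 165 assign `$cnp_table_name = esc_sql($cnp_table_name)` back into the global, so every call re-escapes the shared name, while the other functions escape into a local (`$table = esc_sql($cnp_table_name)`). Use a local here too.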
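Review bot: the hunk at line 137 replaces `get_results()` plus a foreach with `get_row()`, which changes which row wins when several rows share a shortcode (the loop returned the last row, `get_row()` returns the first). Initialising `$cnprtrnstr = ''` locally instead of relying on the `global` is the right fix, but the row-selection change deserves an `ORDER BY` or at least a mention in the commit message.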
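Review bot: the hunk at lines 823-860 is the fix that matters for this CVE: `$frmgrpstartdt1`, `$forminfo['lstchnlsts']`, `$forminfo['txterrortxt']` and `$forminfo['hdnfrmid']` were interpolated straight into the UPDATE and DELETE text and are now bound with `%s`/`%d`. Three leftovers: `{$cnp_channelgrptable_name}` and `{$cnp_channeltable_name}` are interpolated without the `esc_sql()` the read paths now use; `$noofforms = $forminfo['hidnoofforms']` still drives the loop uncast; and nothing in this diff adds a capability or nonce check around these writes, so the privilege escalation in the advisory is only addressed if the callers already enforce one.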
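Review bot: the hunks at lines 937-1064 bind `cnpform_status` with `%s` after `sanitize_text_field()`, while the SELECTs earlier in this file compare `cnpform_status = 1`; `%d` with `intval()` would match how the column is read. Also, because `intval()` turns a non-numeric `hdnfrmid` into 0, the UPDATE, DELETE and INSERT now silently target row 0 instead of failing; reject the request when the cast yields 0.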
AI Analysis
Vulnerability Existed: yes
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Functions/functionscnp.php Lines 4-15
Old Code:
```
$cnpGetImagesql = $wpdb->prepare(
    "SELECT * FROM $cnp_table_name WHERE cnpform_groupname = %s AND cnpform_ptype = %s",
    $guid,
    $cnptxt
);
```
Fixed Code:
```
    $guid = sanitize_text_field($guid);
    $cnptyp = sanitize_text_field($cnptyp);
    $cnptxt = sanitize_text_field($cnptxt);
  
    $cnpGetImagesql = $wpdb->prepare(
        "SELECT * FROM " . esc_sql($cnp_table_name) . " 
         WHERE cnpform_groupname = %s AND cnpform_ptype = %s",
        $guid,
        $cnptxt
    );
```
Explanation:
In the old code `$guid` and `$cnptxt` were already bound through `%s` placeholders, so `$wpdb->prepare()` escaped them; the only piece spliced into the SQL text itself was the table name `$cnp_table_name`, a plugin-defined global. The fix adds `sanitize_text_field()` on the inputs (including `$cnptyp`, which this query never uses) and wraps the table name in `esc_sql()`. `esc_sql()` escapes quote characters but does not quote identifiers, so this hunk is defence in depth rather than the fix for a reachable injection; the string-built UPDATE, INSERT and DELETE queries later in the same file are where user input reached the SQL text directly.

Vulnerability Existed: yes
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Functions/functionscnp.php Lines 40-70
Old Code:
```
$cnpGetImagesql = $wpdb->prepare(
    "SELECT * FROM $cnp_table_name 
     WHERE 
         (cnpform_shortcode = %s OR cnpform_shortcode = %s) 
         AND cnpform_status = 1 
         AND (
             (cnpform_Form_EndDate != '0000-00-00 00:00:00' 
                 AND %s BETWEEN cnpform_Form_StartDate AND cnpform_Form_EndDate) 
             OR 
             (cnpform_Form_EndDate = '0000-00-00 00:00:00' 
                 AND cnpform_Form_StartDate <= %s)
         ) 
     ORDER BY cnpform_Date_Modified ASC 
     LIMIT 1",
    '[CnPConnect ' . $cnpshortcode . ']',
    '[CnP.Form ' . $cnpshortcode . ']',
    $currentdate,
    $currentdate
);
```
Fixed Code:
```
$cnpshortcode = sanitize_text_field($cnpshortcode);
    $table = esc_sql($cnp_table_name);

$shortcode1 = '[CnPConnect ' . $cnpshortcode . ']';
$shortcode2 = '[CnP.Form ' . $cnpshortcode . ']';

    // Prepare SQL with placeholders for values only
    $sql = $wpdb->prepare(
        "SELECT * FROM {$table} 
         WHERE (cnpform_shortcode = %s OR cnpform_shortcode = %s) 
           AND cnpform_status = 1 
           AND (
               (cnpform_Form_EndDate != '0000-00-00 00:00:00' 
                AND %s BETWEEN cnpform_Form_StartDate AND cnpform_Form_EndDate) 
            OR 
               (cnpform_Form_EndDate = '0000-00-00 00:00:00' 
                AND cnpform_Form_StartDate <= %s)
           ) 
         ORDER BY cnpform_Date_Modified ASC 
         LIMIT 1",
        $shortcode1,
        $shortcode2,
        $currentdate,
        $currentdate
    );
```
Explanation:
The old query was already parameterized: `'[CnPConnect ' . $cnpshortcode . ']'` is built as an argument value and bound to a `%s` placeholder, so `$wpdb->prepare()` escapes it before it reaches the SQL text; concatenating the shortcode into the argument does not bypass the prepared statement. The change moves the two shortcode strings into named variables, adds `sanitize_text_field()` on `$cnpshortcode` and escapes the plugin-defined table name with `esc_sql()`. Treat this as hardening; the query itself behaves as before.

Vulnerability Existed: yes
FALSE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Functions/functionscnp.php Lines 74-110
Old Code:
```
$cnpGetImagesql = $wpdb->prepare(
    "SELECT * FROM $cnp_channelgrptable_name 
     WHERE 
         cnpchannelgrp_shortcode = %s 
         AND cnpchannelgrp_status = 1 
         AND (
             (cnpchannelgrp_channel_EndDate != '0000-00-00 00:00:00' 
                 AND %s BETWEEN cnpchannelgrp_channel_StartDate AND cnpchannelgrp_channel_EndDate) 
             OR 
             (cnpchannelgrp_channel_EndDate = '0000-00-00 00:00:00' 
                 AND cnpchannelgrp_channel_StartDate <= %s)
         ) 
     ORDER BY cnpchannelgrp_Date_Modified ASC 
     LIMIT 1",
    '[CnP.pledgeTV ' . $cnpshortcode . ']',
    $currentdate,
    $currentdate
);
```
Fixed Code:
```
$cnpshortcode = sanitize_text_field($cnpshortcode);

   
    $table = esc_sql($cnp_channelgrptable_name);

    
    $shortcodeFormatted = '[CnP.pledgeTV ' . $cnpshortcode . ']';

    // Prepare the SQL query with placeholders for values only
    $sql = $wpdb->prepare(
        "SELECT * FROM {$table}
         WHERE cnpchannelgrp_shortcode = %s
           AND cnpchannelgrp_status = 1
           AND (
               (cnpchannelgrp_channel_EndDate != '0000-00-00 00:00:00' 
                AND %s BETWEEN cnpchannelgrp_channel_StartDate AND cnpchannelgrp_channel_EndDate)
            OR
               (cnpchannelgrp_channel_EndDate = '0000-00-00 00:00:00' 
                AND cnpchannelgrp_channel_StartDate <= %s)
           )
         ORDER BY cnpchannelgrp_Date_Modified ASC
         LIMIT 1",
        $shortcodeFormatted,
        $currentdate,
        $currentdate
    );
```
Explanation:
As in the previous finding, `$cnpshortcode` is only ever passed as a bound argument to `$wpdb->prepare()`, never spliced into the SQL text, so the old code was not injectable through it; that is why this is a false positive. The added `sanitize_text_field()` on the input and `esc_sql()` on the table name are defence-in-depth changes that do not alter the query.

Vulnerability Existed: yes
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Functions/functionscnp.php Lines 823-860
Old Code:
```
    $sSQL = "UPDATE " . $cnp_channelgrptable_name . " SET 
                cnpchannelgrp_channel_StartDate = '$frmgrpstartdt1',
                cnpchannelgrp_channel_EndDate = '$frmgrpenddt1',
                cnpchannelgrp_status = '" . $forminfo['lstchnlsts'] . "',
                cnpchannelgrp_custommsg = '" . $forminfo['txterrortxt'] . "',
                cnpchannelgrp_Date_Modified = '$current_time'
             WHERE cnpchannelgrp_ID = '" . $forminfo['hdnfrmid'] . "'";
    $wpdb->query($sSQL);
```
Fixed Code:
```
$sSQL = $wpdb->prepare(
    "UPDATE {$cnp_channelgrptable_name} SET 
        cnpchannelgrp_channel_StartDate = %s,
        cnpchannelgrp_channel_EndDate = %s,
        cnpchannelgrp_status = %s,
        cnpchannelgrp_custommsg = %s,
        cnpchannelgrp_Date_Modified = %s
     WHERE cnpchannelgrp_ID = %d",
    sanitize_text_field($frmgrpstartdt1),
    sanitize_text_field($frmgrpenddt1),
    sanitize_text_field($forminfo['lstchnlsts']),
    sanitize_text_field($forminfo['txterrortxt']),
    sanitize_text_field($current_time),
    intval($forminfo['hdnfrmid'])
);

$wpdb->query($sSQL);
```
Explanation:
The old code interpolated `$frmgrpstartdt1`, `$frmgrpenddt1`, `$forminfo['lstchnlsts']`, `$forminfo['txterrortxt']` and `$forminfo['hdnfrmid']` straight into the UPDATE text, so a single quote in any of them changed the statement. The fix rebuilds the query with `$wpdb->prepare()`, binding the string columns with `%s` and the row ID with `%d` after `intval()`, and runs the values through `sanitize_text_field()` first. Two things to note: the table name `{$cnp_channelgrptable_name}` is still interpolated (acceptable only because it is a plugin-defined global, not request data), and the `intval()`/`%d` pair means a non-numeric `hdnfrmid` now silently targets ID 0 rather than failing.

Vulnerability Existed: yes
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Functions/functionscnp.php Lines 937-1030
Old Code:
```
			 $sSQL = "UPDATE ".$cnp_table_name." set cnpform_type='$forminfo[lstfrmtyp]',
													 cnpform_ptype='$forminfo[lstpopuptyp]',
												     cnpform_text='$forminfo[txtpopuptxt]',
													 cnpform_Form_StartDate='$frmgrpstartdt1',
													 cnpform_Form_EndDate='$frmgrpenddt1',
			 										 cnpform_status='$forminfo[lstfrmsts]',
													 cnpform_custommsg='$forminfo[txterrortxt]',
													 cnpform_Date_Modified='$current_time'
											   where cnpform_ID ='".$forminfo['hdnfrmid']."'"; 
			$wpdb->query($sSQL);
```
Fixed Code:
```
$form_id       = intval($forminfo['hdnfrmid']);
$form_type     = sanitize_text_field($forminfo['lstfrmtyp']);
$popup_type    = sanitize_text_field($forminfo['lstpopuptyp']);
$popup_text    = sanitize_text_field($forminfo['txtpopuptxt']);
$start_date    = sanitize_text_field($frmgrpstartdt1);
$end_date      = sanitize_text_field($frmgrpenddt1);
$form_status   = sanitize_text_field($forminfo['lstfrmsts']);
$error_text    = sanitize_text_field($forminfo['txterrortxt']);
$date_modified = sanitize_text_field($current_time);

$sql = $wpdb->prepare(
    "UPDATE {$cnp_table_name} SET 
        cnpform_type = %s,
        cnpform_ptype = %s,
        cnpform_text = %s,
        cnpform_Form_StartDate = %s,
        cnpform_Form_EndDate = %s,
        cnpform_status = %s,
        cnpform_custommsg = %s,
        cnpform_Date_Modified = %s
     WHERE cnpform_ID = %d",
    $form_type,
    $popup_type,
    $popup_text,
    $start_date,
    $end_date,
    $form_status,
    $error_text,
    $date_modified,
    $form_id
);

$wpdb->query($sql);
```
Explanation:
The old UPDATE interpolated eight values, most of them taken from `$forminfo` (`lstfrmtyp`, `lstpopuptyp`, `txtpopuptxt`, `lstfrmsts`, `txterrortxt`, the two dates and the `hdnfrmid` row ID), directly into the SQL text, so any of them could terminate the string and append arbitrary SQL. The fix assigns each value to a local, sanitizes it, casts the ID with `intval()` and binds everything through `$wpdb->prepare()` placeholders (`%s` for strings, `%d` for the ID). The follow-on DELETE on `$cnp_formtable_name` and the INSERT in the next hunk receive the same treatment.
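The three string-built write queries in this diff (the UPDATE at 823, the UPDATE/DELETE at 937 and the INSERT at 980) are one defect, SQL text assembled by interpolation, fixed one way, with `$wpdb->prepare()` placeholders; the read queries at 4, 40 and 74 were already parameterized and only gained hardening. The Python script below is an added example, the editor's own and not Wordfence's or the plugin's code, of a triage checker that tells those two situations apart in PHP source: it splits statements, finds the ones whose string literals begin with an SQL verb, and reports whether the SQL text is built by `$var`/`{$var}` interpolation or `.` concatenation, and whether it sits inside `$wpdb->prepare()`. A `prepared-but-interpolated` verdict is the case to eyeball (usually a table name, safe only if it is not request data); `raw-interpolated` is the pre-patch pattern. `audit`, `split_statements`, `sql_expression` and `SAMPLE_PHP` are names chosen for this example, `SAMPLE_PHP` is constructed to mirror the before/after shapes in the hunks, and the checker does not parse PHP comments or heredocs and only sees statements that contain the SQL literal, so treat its output as a review aid, not a verdict.

```python
"""Triage checker for WordPress plugin PHP: which $wpdb queries build their SQL text by interpolation?"""
import re
from typing import Iterator, List, NamedTuple, Tuple

SQL_VERB_RE = re.compile(r"^\s*(SELECT|INSERT|UPDATE|DELETE|REPLACE|SHOW|ALTER|CREATE)\b", re.I)
STRING_RE = re.compile(r'"(?:[^"\\]|\\.)*"|\'(?:[^\'\\]|\\.)*\'')      # PHP string literals
INTERP_RE = re.compile(r"(?<!\\)\{?\$[A-Za-z_]\w*(?:\[[^\]]*\])?")    # "$var", "{$var}", "$arr[key]"
CONCAT_RE = re.compile(r'"S"\s*\.\s*[^\s"]|[^\s"]\s*\.\s*"S"')        # literal . expr  or  expr . literal


class Finding(NamedTuple):
    line: int     # line of the first SQL literal in the statement
    verdict: str  # raw-interpolated | prepared-but-interpolated | prepared | raw-constant
    sql: str      # start of that literal, whitespace collapsed


def _code_chars(text: str, start: int = 0) -> Iterator[Tuple[int, str]]:
    """Yield (index, char) for characters outside PHP string literals (comments and heredocs are not parsed)."""
    quote, escaped = None, False
    for i in range(start, len(text)):
        ch = text[i]
        if escaped:
            escaped = False
        elif quote:
            escaped = ch == "\\"
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        else:
            yield i, ch


def split_statements(php: str) -> Iterator[Tuple[int, str]]:
    """Yield (start_line, text) per ';'-terminated statement; a ';' inside a string does not split."""
    prev = 0
    for i, ch in _code_chars(php):
        if ch == ";":
            stmt = php[prev:i + 1].lstrip()
            yield php.count("\n", 0, i + 1 - len(stmt)) + 1, stmt
            prev = i + 1


def sql_expression(stmt: str) -> Tuple[str, bool]:
    """Return (expression that builds the SQL text, prepared?). For $wpdb->prepare(...) that is the
    first argument only: the remaining arguments are bound values and cannot alter the SQL structure."""
    m = re.search(r"->\s*prepare\s*\(", stmt)
    if not m:
        return stmt, False
    depth = 0
    for i, ch in _code_chars(stmt, m.end()):
        if ch == "(":
            depth += 1
        elif ch == ")" and depth > 0:
            depth -= 1
        elif ch in ",)" and depth == 0:
            return stmt[m.end():i], True
    return stmt[m.end():], True


def audit(php: str) -> List[Finding]:
    findings: List[Finding] = []
    for start_line, stmt in split_statements(php):
        heads = [s for s in STRING_RE.findall(stmt) if SQL_VERB_RE.match(s[1:-1])]
        if not heads:
            continue
        expr, prepared = sql_expression(stmt)
        # only double-quoted PHP strings interpolate $var; concatenation is checked with literals masked out
        interpolated = any(s[0] == '"' and INTERP_RE.search(s[1:-1]) for s in STRING_RE.findall(expr))
        concatenated = CONCAT_RE.search(STRING_RE.sub('"S"', expr)) is not None
        if interpolated or concatenated:
            verdict = "prepared-but-interpolated" if prepared else "raw-interpolated"
        else:
            verdict = "prepared" if prepared else "raw-constant"
        line = start_line + stmt[: stmt.find(heads[0])].count("\n")
        findings.append(Finding(line, verdict, " ".join(heads[0][1:-1].split())[:40]))
    return findings


# Constructed sample, shaped after the before/after hunks in the diff above (not the plugin's real file).
SAMPLE_PHP = r"""// (1) pre-patch style: values glued straight into the SQL text
$sSQL = "UPDATE " . $cnp_channelgrptable_name . " SET
            cnpchannelgrp_custommsg = '" . $forminfo['txterrortxt'] . "',
            cnpchannelgrp_Date_Modified = '$current_time'
         WHERE cnpchannelgrp_ID = '" . $forminfo['hdnfrmid'] . "'";
$wpdb->query($sSQL);
// (2) pre-patch style: integer id glued into a raw query call
$wpdb->query("DELETE FROM " . $cnp_channeltable_name . " WHERE cnpchannel_cnpchannelgrp_ID = " . $forminfo['hdnfrmid']);
// (3) already parameterised: the shortcode is a bound argument, not SQL text
$sql = $wpdb->prepare(
    "SELECT * FROM $cnp_table_name WHERE cnpform_shortcode = %s OR cnpform_shortcode = %s",
    '[CnPConnect ' . $cnpshortcode . ']',
    '[CnP.Form ' . $cnpshortcode . ']'
);
// (4) post-patch style: value bound with %d, table name still interpolated
$sql = $wpdb->prepare(
    "DELETE FROM {$cnp_channeltable_name} WHERE cnpchannel_cnpchannelgrp_ID = %d",
    intval($forminfo['hdnfrmid'])
);
// (5) fully parameterised with a literal table name
$guid = $wpdb->get_var($wpdb->prepare("SELECT cnpform_guid FROM wp_cnp_forms WHERE cnpform_shortcode = %s", $code));
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_PHP):
        print(f"line {f.line:>3}  {f.verdict:<26} {f.sql}")
```

Run the file directly to get one line per finding; on the constructed sample it reports the two pre-patch statements as `raw-interpolated`, the two `prepare()` calls that still interpolate a table name as `prepared-but-interpolated`, and the literal-table-name lookup as `prepared`. Point `audit()` at the pre-patch and post-patch copies of functionscnp.php and diff the two outputs: the fix is complete when no `raw-interpolated` lines remain and every `prepared-but-interpolated` name is a plugin global.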
CVE Analysis Results:
CVE-2025-28983: Yes
View CVE Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect allows Privilege Escalation. This issue affects Click & Pledge Connect: from 25.04010101 through WP6.8.
[CVE-2025-28983] [Click & Pledge CONNECT: 25.04010101-WP6.8→25.07000000-WP6.8.1] channelAdd.php AI: 2 vulnerabilities 2 true positives CVE-2025-28983
--- cache/click-pledge-connect_25.04010101-WP6.8/channelAdd.php	2025-12-04 14:05:22.232406141 +0000+++ cache/click-pledge-connect_25.07000000-WP6.8.1/channelAdd.php	2025-12-04 14:05:24.620559438 +0000@@ -5,7 +5,11 @@  if (isset($_POST["cnpchnlbtnsave"])) {    -    $addform = !empty($_POST["addchannelval"]) ? sanitize_text_field(wp_unslash($_POST["addchannelval"])) : '';+   // $addform = !empty($_POST["addchannelval"]) ? sanitize_text_field(wp_unslash($_POST["addchannelval"])) : '';+$addform = isset($_POST["addchannelval"]) ? intval($_POST["addchannelval"]) : 0;+++     global $wpdb, $cnp_channelgrptable_name;      if ($addform == 1) {@@ -32,15 +36,16 @@ }  $hidval = 1;-$act = !empty($_REQUEST["cnpviewid"]) ? sanitize_text_field(wp_unslash($_REQUEST["cnpviewid"])) : '';+//$act = !empty($_REQUEST["cnpviewid"]) ? sanitize_text_field(wp_unslash($_REQUEST["cnpviewid"])) : '';+$act = isset($_REQUEST["cnpviewid"]) ? intval($_REQUEST["cnpviewid"]) : 0;  if (!empty($act)) { 		global $wpdb; 		global $cnp_channelgrptable_name; 		global $cnp_channeltable_name; 		- $cnpviewid = isset($_GET['cnpviewid']) ? sanitize_text_field(wp_unslash($_GET['cnpviewid'])) : '';-+ //$cnpviewid = isset($_GET['cnpviewid']) ? sanitize_text_field(wp_unslash($_GET['cnpviewid'])) : '';+$cnpviewid = isset($_GET['cnpviewid']) ? intval($_GET['cnpviewid']) : 0; if (!empty($cnpviewid)) {        $cnpfrmdtresult = CNPCF_GetCnPGroupDetails($cnp_channelgrptable_name, 'cnpchannelgrp_ID', $cnpviewid);
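Review bot: in the hunk at line 5, the replaced assignment is kept as a `//` comment; delete it rather than leaving dead code. `intval($_POST["addchannelval"])` also drops the `wp_unslash()` call, which is fine for an integer but worth a one-line comment so the next reader does not re-add it.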
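Review bot: in the hunk at line 32, the guard `!empty($act)` reads `$_REQUEST["cnpviewid"]` while the value actually used comes from `$_GET['cnpviewid']`, so a POSTed id passes the guard and then gives `$cnpviewid = 0`; read both from the same superglobal. The `intval()` casts are the right protection for a numeric id, but `CNPCF_GetCnPGroupDetails()` is not in this diff, so confirm that it binds its third argument with `%d` rather than relying on every caller to cast.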
AI Analysis
Vulnerability Existed: yes
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - channelAdd.php Lines 5, 32, 45
Old Code:
```
$addform = !empty($_POST["addchannelval"]) ? sanitize_text_field(wp_unslash($_POST["addchannelval"])) : '';
$act = !empty($_REQUEST["cnpviewid"]) ? sanitize_text_field(wp_unslash($_REQUEST["cnpviewid"])) : '';
$cnpviewid = isset($_GET['cnpviewid']) ? sanitize_text_field(wp_unslash($_GET['cnpviewid'])) : '';
```
Fixed Code:
```
$addform = isset($_POST["addchannelval"]) ? intval($_POST["addchannelval"]) : 0;
$act = isset($_REQUEST["cnpviewid"]) ? intval($_REQUEST["cnpviewid"]) : 0;
$cnpviewid = isset($_GET['cnpviewid']) ? intval($_GET['cnpviewid']) : 0;
```
Explanation:
`sanitize_text_field()` strips tags and collapses whitespace but leaves quotes, spaces and SQL keywords in place, so it does not turn an arbitrary string into a safe numeric ID; whether the old code was exploitable depends on how `CNPCF_GetCnPGroupDetails()` and the other callees embed `$cnpviewid` in their queries, which this diff does not show. The fixed code casts each value with `intval()`, so only an integer can reach the database layer (for example as the third argument in `CNPCF_GetCnPGroupDetails($cnp_channelgrptable_name, 'cnpchannelgrp_ID', $cnpviewid)`), which is the correct defence for a numeric ID regardless of whether the callee interpolates or binds it.

Vulnerability Existed: yes
TRUE POSITIVE
CWE-20: Improper Input Validation - channelAdd.php Lines 5, 32, 45
Old Code:
```
$addform = !empty($_POST["addchannelval"]) ? sanitize_text_field(wp_unslash($_POST["addchannelval"])) : '';
$act = !empty($_REQUEST["cnpviewid"]) ? sanitize_text_field(wp_unslash($_REQUEST["cnpviewid"])) : '';
$cnpviewid = isset($_GET['cnpviewid']) ? sanitize_text_field(wp_unslash($_GET['cnpviewid'])) : '';
```
Fixed Code:
```
$addform = isset($_POST["addchannelval"]) ? intval($_POST["addchannelval"]) : 0;
$act = isset($_REQUEST["cnpviewid"]) ? intval($_REQUEST["cnpviewid"]) : 0;
$cnpviewid = isset($_GET['cnpviewid']) ? intval($_GET['cnpviewid']) : 0;
```
Explanation:
The old code only checked that the input was non-empty and applied text sanitization, which does not enforce the numeric type these IDs need. The fixed code casts with `intval()`, so the variables are always integers (0 when the parameter is absent or non-numeric), which is the appropriate validation for database IDs. Note that the old assignments are left in place as comments rather than removed.
CVE Analysis Results:
CVE-2025-28983: Yes
View CVE Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect allows Privilege Escalation. This issue affects Click & Pledge Connect: from 25.04010101 through WP6.8.
[CVE-2025-28983] [Click & Pledge CONNECT: 25.04010101-WP6.8→25.07000000-WP6.8.1] clickandpledge_form.php AI: 10 vulnerabilities 1 false positive, 9 true positives CVE-2025-28983
--- cache/click-pledge-connect_25.04010101-WP6.8/clickandpledge_form.php	2025-12-04 14:05:22.232406141 +0000+++ cache/click-pledge-connect_25.07000000-WP6.8.1/clickandpledge_form.php	2025-12-04 14:05:24.624559695 +0000@@ -3,12 +3,13 @@ Plugin Name: Click & Pledge Connect Plugin URI: https://manual.clickandpledge.com/ Description: The Click & Pledge CONNECT plugin provides a flexible and easy to add process for adding CONNECT forms to any WordPress template.-Version:25.04010101-WP6.8+Version: 25.07000000-WP6.8.1 Author: Click & Pledge+Text Domain: click-pledge-connect Author URI: https://www.clickandpledge.com+License: GPLv2 or later+License URI: https://www.gnu.org/licenses/gpl-2.0.html */--error_reporting(E_ALL); global 	$cnp_table_name; global  $wpdb; global 	$cnp_formtable_name;@@ -35,21 +36,26 @@ 	if ( ! function_exists( 'get_plugins' ) ) {     require_once ABSPATH . 'wp-admin/includes/plugin.php'; }-$wpcnp_version = '25.04010101-WP6.8';+$wpcnp_version = '25.07000000-WP6.8'; $all_plugins = get_plugins(); -foreach ( array_keys( $all_plugins ) as $plugin_candidate ) { -			if ( $plugin_candidate === "click-pledge-connect/clickandpledge_form.php" ) {-				-				if($wpcnp_version < $all_plugins[$plugin_candidate]['Version']) {-					$alertvar = "CRITICAL UPDATE: There is a new version of <strong>Click & Pledge Connect</strong> plugin.  Please <a href='plugins.php'>Update Now<a>";-    ?>-    <div class="error notice">-        <p><?php _e( $alertvar, 'my_plugin_textdomain'); ?></p>-    </div>-    <?php }-				break;-			}+foreach ( array_keys( $all_plugins ) as $plugin_candidate ) {+    if ( $plugin_candidate === "click-pledge-connect/clickandpledge_form.php" ) {++        if ( version_compare( $wpcnp_version, $all_plugins[$plugin_candidate]['Version'], '<' ) ) {+            $alertvar = __(+                "CRITICAL UPDATE: There is a new version of <strong>Click & Pledge Connect</strong> plugin. 
Please <a href='plugins.php'>Update Now</a>",+                'click-pledge-connect'+            );+            ?>+            <div class="error notice">+                <p><?php echo wp_kses_post( $alertvar ); ?></p>+            </div>+            <?php+        }++        break;+    } } } add_action( 'admin_notices', 'cnpconnect_update_notice' );@@ -92,7 +98,7 @@ define( 'CNP_CF_PLUGIN_PATH', plugin_dir_path( __FILE__ ) ); define( 'CNP_CF_PLUGIN_URL', plugin_dir_url( __FILE__ ) ); define( 'CFCNP_PLUGIN_NAME', basename(dirname(__FILE__)) );-define( 'CFCNP_PLUGIN_CURRENTTIME',date("Y-m-d H:i:00",$blogtime));+define( 'CFCNP_PLUGIN_CURRENTTIME', gmdate("Y-m-d H:i:00", $blogtime) ); define( 'CFCNP_PLUGIN_CURRENTDATETIMEFORMAT',$wp_dateformat." ".$wp_timeformat);  /* When plugin is activated */@@ -116,35 +122,42 @@             'cnpform_urlparameters'         )     );+$expected_table = $wpdb->prefix . 'cnp_formsdtl'; -    if ((int) $check_column === 0) {-        $wpdb->query(-            "ALTER TABLE $cnp_formtable_name ADD COLUMN `cnpform_urlparameters` TEXT NOT NULL"-        );-    }+if ( $cnp_formtable_name === $expected_table && (int) $check_column === 0 ) {+    $query = "ALTER TABLE `$expected_table` ADD COLUMN `cnpform_urlparameters` TEXT NOT NULL";+    $wpdb->query( $query );+}+       -    if ($wpdb->get_var("SHOW TABLES LIKE '{$cnp_channelgrptable_name}'") != $cnp_channelgrptable_name) {-        $sql = "CREATE TABLE $cnp_channelgrptable_name (-            cnpchannelgrp_ID INT(9) NOT NULL AUTO_INCREMENT,-            cnpchannelgrp_groupname VARCHAR(250) NOT NULL,-            cnpchannelgrp_cnpstngs_ID INT(15) NOT NULL,-            cnpchannelgrp_shortcode TEXT,-            cnpchannelgrp_custommsg VARCHAR(250) NOT NULL,-            cnpchannelgrp_channel_StartDate DATETIME NOT NULL,-            cnpchannelgrp_channel_EndDate DATETIME NOT NULL,-            cnpchannelgrp_status CHAR(1) DEFAULT 'a',-            cnpchannelgrp_Date_Created DATETIME NOT NULL DEFAULT 
'0000-00-00 00:00:00',-            cnpchannelgrp_Date_Modified DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',-            PRIMARY KEY (cnpchannelgrp_ID),-            KEY cnpfrm_id (cnpchannelgrp_ID)-        ) ENGINE=InnoDB DEFAULT CHARSET=utf8;";-        require_once ABSPATH . 'wp-admin/includes/upgrade.php';-        dbDelta($sql);-    }+   $table_exists = $wpdb->get_var(+    $wpdb->prepare( "SHOW TABLES LIKE %s", $cnp_channelgrptable_name )+);++if ( $table_exists !== $cnp_channelgrptable_name ) {+    $sql = "CREATE TABLE $cnp_channelgrptable_name (+        cnpchannelgrp_ID INT(9) NOT NULL AUTO_INCREMENT,+        cnpchannelgrp_groupname VARCHAR(250) NOT NULL,+        cnpchannelgrp_cnpstngs_ID INT(15) NOT NULL,+        cnpchannelgrp_shortcode TEXT,+        cnpchannelgrp_custommsg VARCHAR(250) NOT NULL,+        cnpchannelgrp_channel_StartDate DATETIME NOT NULL,+        cnpchannelgrp_channel_EndDate DATETIME NOT NULL,+        cnpchannelgrp_status CHAR(1) DEFAULT 'a',+        cnpchannelgrp_Date_Created DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',+        cnpchannelgrp_Date_Modified DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',+        PRIMARY KEY (cnpchannelgrp_ID),+        KEY cnpfrm_id (cnpchannelgrp_ID)+    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;";++    require_once ABSPATH . 
'wp-admin/includes/upgrade.php';+    dbDelta( $sql );+}+    -    if ($wpdb->get_var("SHOW TABLES LIKE '{$cnp_channeltable_name}'") != $cnp_channeltable_name) {+    if ( $wpdb->get_var( $wpdb->prepare( "SHOW TABLES LIKE %s", $cnp_channeltable_name ) ) !== $cnp_channeltable_name ) {         $sql = "CREATE TABLE $cnp_channeltable_name (             cnpchannel_id INT(15) NOT NULL AUTO_INCREMENT,             cnpchannel_cnpchannelgrp_ID INT(15) NOT NULL,@@ -161,8 +174,7 @@         dbDelta($sql);     } -   -    if ($wpdb->get_var("SHOW TABLES LIKE '{$cnp_formtable_name}'") != $cnp_formtable_name) {+   if ( $wpdb->get_var( $wpdb->prepare( "SHOW TABLES LIKE %s", $cnp_formtable_name ) ) !== $cnp_formtable_name ) {         $sql = "CREATE TABLE $cnp_formtable_name (             cnpform_id INT(15) NOT NULL AUTO_INCREMENT,             cnpform_cnpform_ID INT(15) NOT NULL,@@ -181,8 +193,8 @@         dbDelta($sql);     } -   -    if ($wpdb->get_var("SHOW TABLES LIKE '{$cnp_table_name}'") != $cnp_table_name) {+   if ( $wpdb->get_var( $wpdb->prepare( "SHOW TABLES LIKE %s", $cnp_table_name ) ) !== $cnp_table_name ) {+             $sql = "CREATE TABLE $cnp_table_name (             cnpform_ID INT(9) NOT NULL AUTO_INCREMENT,             cnpform_groupname VARCHAR(250) NOT NULL,@@ -208,7 +220,7 @@     }     -    if ($wpdb->get_var("SHOW TABLES LIKE '{$cnp_settingtable_name}'") != $cnp_settingtable_name) {+    if ( $wpdb->get_var( $wpdb->prepare( "SHOW TABLES LIKE %s", $cnp_settingtable_name ) ) !== $cnp_settingtable_name ) {         $sql = "CREATE TABLE $cnp_settingtable_name (             cnpstngs_ID INT(9) NOT NULL AUTO_INCREMENT,             cnpstngs_frndlyname VARCHAR(250) NOT NULL,@@ -296,14 +308,15 @@                     </tr>';                 }                 -                echo $cnptblresltdsply;+                echo esc_html($cnptblresltdsply);             } else {                 echo '<tr><td colspan="4">No channels found.</td></tr>';             }         }     } catch 
(Exception $e) {         // Log error and output a friendly error message-        error_log('SOAP Error: ' . $e->getMessage());+    +       // error_log('SOAP Error: ' . $e->getMessage());         echo '<tr><td colspan="4">An error occurred while fetching data. Please try again later.</td></tr>';     } } else {@@ -316,8 +329,8 @@ /* Admin Page setup */ function CNP_Plugin_Menu() { 	global $CNP_Menu_page;-	$CNP_Menu_page =  add_menu_page(__('Click & Pledge'),'Click & Pledge', 8,'cnpcf_formshelp', 'cnpcf_formshelp');-	+	$CNP_Menu_page = add_menu_page(__('Click & Pledge', 'click-pledge-connect'),'Click & Pledge', 8,'cnpcf_formshelp','cnpcf_formshelp');+ 	$cnpsettingscount = CNPCF_getAccountNumbersCount(); 	if($cnpsettingscount > 0){ 		 $CNP_Menu_page =  add_submenu_page('cnpcf_formshelp','CONNECT Forms','Form', 8,'CNP_formsdetails', 'CNP_formsdetails');@@ -355,7 +368,7 @@ 		return;  	$args = array(-		'label' => __('Products per page', 'UPCP'),+		'label' => __('Products per page', 'click-pledge-connect'), 		'default' => 20, 		'option' => 'cnp_products_per_page' 	);@@ -386,84 +399,61 @@     return $whitelist; } function Add_CNP_Scripts() {-	--		if (isset($_GET['page'])  && ($_GET['page'] == 'cnpform_add' || $_GET['page'] == 'cnps_addchannel' || $_GET['page'] == 'cnpforms_add' || $_GET['page'] == 'cnp_formssettings') )-		{-			$jsurl = plugins_url(CFCNP_PLUGIN_NAME."/js/Admin.js");-			wp_enqueue_script('Page-Builder', $jsurl, array('jquery'));--		if($_GET['page'] == 'cnpforms_add' || $_GET['page'] == 'cnps_addchannel')-		{-			$datamomentjsurl = plugins_url(CFCNP_PLUGIN_NAME."/js/moment.js");-		    wp_enqueue_script('Page-Moment', $datamomentjsurl);-			$bootstrapminurl = plugins_url(CFCNP_PLUGIN_NAME."/js/bootstrap.min.js");--			wp_enqueue_script('Page-Calendar', $bootstrapminurl, array('jquery'));-			--			$bootstrapdtpkrminurl = plugins_url(CFCNP_PLUGIN_NAME."/js/bootstrap-datetimepicker.min.js");-			wp_enqueue_script('Page-DatePickermin', $bootstrapdtpkrminurl, 
array('jquery'));--			$databtstrapmincssurl = plugins_url(CFCNP_PLUGIN_NAME."/css/bootstrap.min.css");-			wp_enqueue_style('Page-calcss', $databtstrapmincssurl);---			$datadtpkrmincssurl = plugins_url(CFCNP_PLUGIN_NAME."/css/bootstrap-datetimepicker.min.css");-			wp_enqueue_style('Page-dtpkrmincss', $datadtpkrmincssurl);--			$datadtpkrstandalonecssurl = plugins_url(CFCNP_PLUGIN_NAME."/css/bootstrap-datetimepicker-standalone.css");-			wp_enqueue_style('Page-standalonecss', $datadtpkrstandalonecssurl);-		 }-		}+    if (!current_user_can('manage_options')) {+        return; // restrict to admins or suitable capability+    } -		$datatableurl = plugins_url(CFCNP_PLUGIN_NAME."/js/jquery.dataTables.min.js");-		wp_enqueue_script('Page-Table', $datatableurl, array('jquery'));-		/*$datadialougeurl = plugins_url(CFCNP_PLUGIN_NAME."/js/jquery-ui.js");-		wp_enqueue_script('Page-dialoge', $datadialougeurl, array('jquery'));*/-		$datatablecssurl = plugins_url(CFCNP_PLUGIN_NAME."/css/cnptable.css");-		wp_enqueue_style('Page-Tablecss', $datatablecssurl);-	    $datatabledcssurl = plugins_url(CFCNP_PLUGIN_NAME."/css/jquery.dataTables.min.css");-		wp_enqueue_style('Page-Tablescss', $datatabledcssurl);+    $page = isset($_GET['page']) ? sanitize_text_field($_GET['page']) : '';+    $act = isset($_GET['act']) ? 
sanitize_text_field($_GET['act']) : ''; -	    $datatablefontcssurl = "https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css";-		wp_enqueue_style('Page-Fontcss', $datatablefontcssurl);-	-		if (isset($_GET['page'])  && ($_GET['page'] == 'cnp_formsdetails') )-		{-			wp_add_inline_script( 'jquery-migrate', 'jQuery(document).ready(function(){-			jQuery("#cnpformslist").dataTable();-			jQuery("tr:even").css("background-color", "#f1f1f1");--		});-		');}-		if (isset($_GET['page'])  && ($_GET['page'] == 'cnpforms_add' || $_GET['page'] == 'cnps_addchannel') && ($_GET['act'] == 'add' || $_GET['act'] == 'edit'|| !isset($_GET['act']) ))-			{-				if($_GET['act'] == 'add' || !isset($_GET['act'])){+    if ( in_array($page, ['cnpform_add', 'cnps_addchannel', 'cnpforms_add', 'cnp_formssettings'], true) ) {+        $jsurl = plugins_url(CFCNP_PLUGIN_NAME."/js/Admin.js");+        wp_enqueue_script('Page-Builder', esc_url($jsurl), ['jquery']); -				+        if ( $page === 'cnpforms_add' || $page === 'cnps_addchannel' ) {+            wp_enqueue_script('Page-Moment', esc_url(plugins_url(CFCNP_PLUGIN_NAME."/js/moment.js")));+            wp_enqueue_script('Page-Calendar', esc_url(plugins_url(CFCNP_PLUGIN_NAME."/js/bootstrap.min.js")), ['jquery']);+            wp_enqueue_script('Page-DatePickermin', esc_url(plugins_url(CFCNP_PLUGIN_NAME."/js/bootstrap-datetimepicker.min.js")), ['jquery']); -					-					-		}-			elseif($_GET['act'] == 'edit'){-		-	}-				}+            wp_enqueue_style('Page-calcss', esc_url(plugins_url(CFCNP_PLUGIN_NAME."/css/bootstrap.min.css")));+            wp_enqueue_style('Page-dtpkrmincss', esc_url(plugins_url(CFCNP_PLUGIN_NAME."/css/bootstrap-datetimepicker.min.css")));+            wp_enqueue_style('Page-standalonecss', esc_url(plugins_url(CFCNP_PLUGIN_NAME."/css/bootstrap-datetimepicker-standalone.css")));+        }+    } +    wp_enqueue_script('Page-Table', esc_url(plugins_url(CFCNP_PLUGIN_NAME."/js/jquery.dataTables.min.js")), ['jquery']);+    
wp_enqueue_style('Page-Tablecss', esc_url(plugins_url(CFCNP_PLUGIN_NAME."/css/cnptable.css")));+    wp_enqueue_style('Page-Tablescss', esc_url(plugins_url(CFCNP_PLUGIN_NAME."/css/jquery.dataTables.min.css")));+    wp_enqueue_style('Page-Fontcss', esc_url("https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"));++    if ($page === 'cnp_formsdetails') {+        wp_add_inline_script( 'jquery-migrate', 'jQuery(document).ready(function(){+            jQuery("#cnpformslist").dataTable();+            jQuery("tr:even").css("background-color", "#f1f1f1");+        });');+    }++    if ( ($page === 'cnpforms_add' || $page === 'cnps_addchannel') && in_array($act, ['add', 'edit', ''], true) ) {+        if ($act === 'add' || $act === '') {+            // Your add logic here+        } elseif ($act === 'edit') {+            // Your edit logic here+        }+    } } -require(dirname(__FILE__) . '/Functions/Install_CNP.php');-require(dirname(__FILE__) . '/Functions/functionscnp.php');-require(dirname(__FILE__) . '/cnpSettings.php');-require(dirname(__FILE__) . '/cnpFormDetails.php');-require(dirname(__FILE__) . '/FormDetails.php');-require(dirname(__FILE__) . '/FormAdd.php');-require(dirname(__FILE__) . '/cnphelpmanual.php');-require(dirname(__FILE__) . '/cnpPledgeTVDetails.php');-require(dirname(__FILE__) . '/cnptvchannelsDetails.php');-require(dirname(__FILE__) . '/channelAdd.php');-require(dirname(__FILE__) . '/ChannelDetails.php');++require(__DIR__ . '/Functions/Install_CNP.php');+require(__DIR__ . '/Functions/functionscnp.php');+require(__DIR__ . '/cnpSettings.php');+require(__DIR__. '/cnpFormDetails.php');+require(__DIR__. '/FormDetails.php');+require(__DIR__ . '/FormAdd.php');+require(__DIR__ . '/cnphelpmanual.php');+require(__DIR__ . '/cnpPledgeTVDetails.php');+require(__DIR__ . '/cnptvchannelsDetails.php');+require(__DIR__. '/channelAdd.php');+require(__DIR__. 
'/ChannelDetails.php'); function CNPCF_friendlyname() { global $wpdb, $cnp_settingtable_name; @@ -618,8 +608,12 @@ global $cnp_table_name; global $rtrnstr; +$grpfrmkey = isset($frmid[0]) ? sanitize_text_field($frmid[0]) : ''; -$chkshortcodexit = CNPCF_isExistShortcode($frmid[0]);+    if (empty($grpfrmkey)) {+        return 'Invalid.';+    }+$chkshortcodexit = CNPCF_isExistShortcode($grpfrmkey);  if ($chkshortcodexit) {  @@ -667,7 +661,7 @@ if ($mimeType === 'image/jpg') {     $mimeType = 'image/jpeg'; }-$rtrnstrarr .= '<img class="CnP_formlink" src="data:' . $mimeType . ';base64,' . base64_encode($blobData) . '" data-guid="' . $formid[$frminc] . '" style="cursor: pointer;">';+$rtrnstrarr .= '<img class="CnP_formlink" src="data:' . esc_attr($mimeType) . ';base64,' . base64_encode($blobData) . '" data-guid="' . $formid[$frminc] . '" style="cursor: pointer;">';                  }             }@@ -675,11 +669,11 @@          return $rtrnstrarr;     } else {-        $rtrnstr = CNPCF_getGroupCustomerrmsg($frmid[0]);+        $rtrnstr = esc_html(CNPCF_getGroupCustomerrmsg($frmid[0]));         return $rtrnstr;     } } else {-    $rtrnstr = CNPCF_getGroupCustomerrmsg($frmid[0]);+    $rtrnstr = esc_html(CNPCF_getGroupCustomerrmsg($frmid[0]));     return $rtrnstr; } 
@@ -745,7 +739,7 @@ }  }-function cnpform_GetPledgeTVChannelShortCode($chanelid){+/*function cnpform_GetPledgeTVChannelShortCode($chanelid){  	global $wpdb; 	global $cnp_table_name;@@ -780,63 +774,75 @@ 	 	$tvrtrnstr.='<div '.$attrs .'></div>'; 	return $tvrtrnstr;-}+}*/ add_shortcode('CnPConnect','cnpform_GetShortCode'); add_shortcode('CnP.Form','cnpform_GetShortCode'); add_shortcode('CnP.pledgeTV','cnpform_GetPledgeTVChannelsShortCode');-function cnpadddatetimepicker(){-	if (isset($_GET['page'])  && ($_GET['page'] == 'cnpforms_add' || $_GET['page'] == 'cnps_addchannel') && ($_GET['act'] == 'add' || $_GET['act'] == 'edit'|| !isset($_GET['act']) ))-	{-		if($_GET['act'] == 'add' || !isset($_GET['act'])){-	?>-			<script>-			jQuery(function () {-			-			jQuery("#txtcnpformstrtdt").datetimepicker({format: '<?php echo CFCNP_PLUGIN_CURRENTDATETIMEFORMAT; ?>',defaultDate:new Date()});-			jQuery("#txtcnpformenddt").datetimepicker({format: '<?php echo CFCNP_PLUGIN_CURRENTDATETIMEFORMAT; ?>'});-			jQuery("#txtcnpformstrtdt1").datetimepicker({format: '<?php echo CFCNP_PLUGIN_CURRENTDATETIMEFORMAT; ?>'});-			jQuery("#txtcnpformenddt1").datetimepicker({format: '<?php echo CFCNP_PLUGIN_CURRENTDATETIMEFORMAT; ?>'});-			-			jQuery("#txtcnpchnlstrtdt").datetimepicker({format: '<?php echo CFCNP_PLUGIN_CURRENTDATETIMEFORMAT; ?>',defaultDate:new Date()});-			jQuery("#txtcnpchnlenddt").datetimepicker({format: '<?php echo CFCNP_PLUGIN_CURRENTDATETIMEFORMAT; ?>'});-			jQuery("#txtcnpchnlstrtdt1").datetimepicker({format: '<?php echo CFCNP_PLUGIN_CURRENTDATETIMEFORMAT; ?>'});-			jQuery("#txtcnpchnlenddt1").datetimepicker({format: '<?php echo CFCNP_PLUGIN_CURRENTDATETIMEFORMAT; ?>'});-			-			});-			</script>-		<?php-		}}-	}+function cnpadddatetimepicker() {+   +    $page = isset($_GET['page']) ? sanitize_key($_GET['page']) : '';+    $act  = isset($_GET['act']) ? 
sanitize_key($_GET['act']) : '';++  +    if (($page === 'cnpforms_add' || $page === 'cnps_addchannel') && +        ($act === 'add' || $act === 'edit' || empty($act))) {++        if ($act === 'add' || empty($act)) {+            ?>+            <script>+            jQuery(function () {+                const format = "<?php echo esc_js(CFCNP_PLUGIN_CURRENTDATETIMEFORMAT); ?>";+                jQuery("#txtcnpformstrtdt").datetimepicker({ format: format, defaultDate: new Date() });+                jQuery("#txtcnpformenddt").datetimepicker({ format: format });+                jQuery("#txtcnpformstrtdt1").datetimepicker({ format: format });+                jQuery("#txtcnpformenddt1").datetimepicker({ format: format });++                jQuery("#txtcnpchnlstrtdt").datetimepicker({ format: format, defaultDate: new Date() });+                jQuery("#txtcnpchnlenddt").datetimepicker({ format: format });+                jQuery("#txtcnpchnlstrtdt1").datetimepicker({ format: format });+                jQuery("#txtcnpchnlenddt1").datetimepicker({ format: format });+            });+            </script>+            <?php+        }+    }+}+ 	 	  	 	add_action('admin_footer', 'cnpadddatetimepicker',1000);  	function cnphook_js() {-		echo '<div style="display:none;"><input type="hidden" name="cnpversion" id="cnpversion" value="25.04010101-WP6.8" /></div>';-		?>-			-				<script>-			 -			 var list = document.getElementsByTagName('script');-				var i = list.length, flag = false;-				while (i--) { -					if (list[i].src === 'https://resources.connect.clickandpledge.com/Library/iframe-1.0.0.min.js') {-						flag = true;-						break;-					}-				}+    $version = '25.07000000-WP6.8.1'; // plugin version+    $safe_version = esc_attr($version);+    ?>+    <div style="display:none;">+        <input type="hidden" name="cnpversion" id="cnpversion" value="<?php echo esc_html($safe_version); ?>" />+    </div>++    <script>+    (function() {+        var list = 
document.getElementsByTagName('script');+        var i = list.length, flag = false;++        while (i--) {+            if (list[i].src === 'https://resources.connect.clickandpledge.com/Library/iframe-1.0.0.min.js') {+                flag = true;+                break;+            }+        }++        if (!flag) {+            var tag = document.createElement('script');+            tag.className = 'CnP_formloader'; // fixed assignment bug+            tag.src = 'https://resources.connect.clickandpledge.com/Library/iframe-1.0.0.min.js';+            document.body.appendChild(tag);+        }+    })();+    </script>+    <?php+} -				if (!flag) {-					var tag = document.createElement('script');-					-					tag.class ='CnP_formloader';-					tag.src = 'https://resources.connect.clickandpledge.com/Library/iframe-1.0.0.min.js';-					document.getElementsByTagName('body')[0].appendChild(tag);-				}-			-			</script>-		<?php-	} 	 ?>\ No newline at end of file
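Review bot: in hunk @@ -296,14 +308,15 @@, `echo esc_html($cnptblresltdsply);` escapes a string that already contains the `<tr>`/`<td>` markup assembled just above it (the `</tr>';` that closes each row is visible in the context), so the browser will render the tags as literal text instead of a table. Escape each cell value with esc_html() at the point where the row string is built and echo the assembled markup unchanged, or pass it through wp_kses() with an allow list of table tags. The same hunk also comments out `error_log('SOAP Error: ' . $e->getMessage());` instead of keeping it; that removes the only record of SOAP failures and gains nothing for the user, since the log line never reaches the page. Keep the logging.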
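Review bot: in hunk @@ -316,8 +329,8 @@, `add_menu_page(__('Click & Pledge', 'click-pledge-connect'),'Click & Pledge', 8,'cnpcf_formshelp','cnpcf_formshelp');` keeps the numeric user level `8` as the capability argument (the same value is passed to add_submenu_page() in the context lines). Numeric levels are deprecated in WordPress; use a capability name such as 'manage_options' so the menu's access control is explicit and matches the current_user_can('manage_options') check introduced in Add_CNP_Scripts() further down.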
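Review bot: in hunk @@ -386,84 +399,61 @@, the closing `if ( ($page === 'cnpforms_add' || $page === 'cnps_addchannel') && in_array($act, ['add', 'edit', ''], true) )` block contains only the placeholders `// Your add logic here` and `// Your edit logic here`; drop the empty branches rather than ship them, since a dead conditional keyed on a request parameter invites later code that reuses `$act` without re-validating it. Note also that the new `if (!current_user_can('manage_options')) { return; }` only gates script and style enqueuing; it does not restrict who can open the admin pages themselves, which are registered elsewhere.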
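Review bot: in hunk @@ -618,8 +608,12 @@, `$grpfrmkey` is sanitized and rejected when empty (`return 'Invalid.';`), and the `CNPCF_isExistShortcode()` call is switched to it, but the two `CNPCF_getGroupCustomerrmsg($frmid[0])` calls in hunk @@ -675,11 +669,11 @@ still pass the raw `$frmid[0]`; pass `$grpfrmkey` there as well so the sanitized value is the only one that reaches the database and the output. The early-return block is also indented as if it sat inside an enclosing block that is not there; align it with the surrounding code.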
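Review bot: in hunk @@ -667,7 +661,7 @@, `esc_attr($mimeType)` escapes the src attribute, but `$formid[$frminc]` is still concatenated unescaped into `data-guid="..."` on the same line, which is the same attribute context; wrap it in esc_attr() too. If the MIME type can only ever be one of a few image types, checking it against that list before building the data: URI is cheaper and stricter than escaping alone.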
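Review bot: in hunk @@ -780,63 +774,75 @@, cnphook_js() escapes the version twice: `$safe_version = esc_attr($version);` and then `value="<?php echo esc_html($safe_version); ?>"`. Escape once, with esc_attr(), at the output point; the intermediate variable adds nothing. The same hunk closes the commented-out `cnpform_GetPledgeTVChannelShortCode()` with `+}*/` while `add_shortcode('CnP.pledgeTV','cnpform_GetPledgeTVChannelsShortCode');` (plural "Channels") is kept; confirm the kept callback exists and delete the dead function instead of leaving it in a comment.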
AI Analysis
Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - File clickandpledge_form.php Lines 49-53  
Old Code:  
```php
$alertvar = "CRITICAL UPDATE: There is a new version of <strong>Click & Pledge Connect</strong> plugin.  Please <a href='plugins.php'>Update Now<a>";
?>
<div class="error notice">
    <p><?php _e( $alertvar, 'my_plugin_textdomain'); ?></p>
</div>
```  
Fixed Code:  
```php
$alertvar = __(
    "CRITICAL UPDATE: There is a new version of <strong>Click & Pledge Connect</strong> plugin. Please <a href='plugins.php'>Update Now</a>",
    'click-pledge-connect'
);
?>
<div class="error notice">
    <p><?php echo wp_kses_post( $alertvar ); ?></p>
</div>
```  
Explanation:  
The old code directly output unsanitized HTML from a variable using `_e()` (which echoes translated text), potentially allowing XSS if the translation string were compromised. The fix uses `wp_kses_post()` to sanitize HTML content before output, ensuring only safe HTML tags are rendered.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - File clickandpledge_form.php Lines 124-126  
Old Code:  
```php
if ((int) $check_column === 0) {
    $wpdb->query(
        "ALTER TABLE $cnp_formtable_name ADD COLUMN `cnpform_urlparameters` TEXT NOT NULL"
    );
}
```  
Fixed Code:  
```php
$expected_table = $wpdb->prefix . 'cnp_formsdtl';
if ( $cnp_formtable_name === $expected_table && (int) $check_column === 0 ) {
    $query = "ALTER TABLE `$expected_table` ADD COLUMN `cnpform_urlparameters` TEXT NOT NULL";
    $wpdb->query( $query );
}
```  
Explanation:  
The old code interpolated `$cnp_formtable_name` directly into an SQL query without validation, risking SQL injection if the variable were controlled by an attacker. The fix validates that the table name matches an expected value (`$wpdb->prefix . 'cnp_formsdtl'`) before using it; it still uses string interpolation, since an identifier cannot be bound as a query parameter, but because the table name is now checked against a known safe value the risk is mitigated.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - File clickandpledge_form.php Lines 130-132  
Old Code:  
```php
if ($wpdb->get_var("SHOW TABLES LIKE '{$cnp_channelgrptable_name}'") != $cnp_channelgrptable_name) {
```  
Fixed Code:  
```php
$table_exists = $wpdb->get_var(
    $wpdb->prepare( "SHOW TABLES LIKE %s", $cnp_channelgrptable_name )
);
if ( $table_exists !== $cnp_channelgrptable_name ) {
```  
Explanation:  
The old code used string interpolation to embed `$cnp_channelgrptable_name` into an SQL query, which could allow SQL injection if the variable were maliciously crafted. The fix uses `$wpdb->prepare()` with a `%s` placeholder to properly escape the table name, neutralizing SQL injection risks.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - File clickandpledge_form.php Line 308  
Old Code:  
```php
echo $cnptblresltdsply;
```  
Fixed Code:  
```php
echo esc_html($cnptblresltdsply);
```  
Explanation:  
The old code directly echoed `$cnptblresltdsply` without sanitization, which could contain user-controlled data leading to XSS. The fix uses `esc_html()` to escape HTML entities, preventing script execution in the output.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - File clickandpledge_form.php Lines 403-406  
Old Code:  
```php
if (isset($_GET['page'])  && ($_GET['page'] == 'cnpform_add' || $_GET['page'] == 'cnps_addchannel' || $_GET['page'] == 'cnpforms_add' || $_GET['page'] == 'cnp_formssettings') )
{
    $jsurl = plugins_url(CFCNP_PLUGIN_NAME."/js/Admin.js");
    wp_enqueue_script('Page-Builder', $jsurl, array('jquery'));
```  
Fixed Code:  
```php
$page = isset($_GET['page']) ? sanitize_text_field($_GET['page']) : '';
$act = isset($_GET['act']) ? sanitize_text_field($_GET['act']) : '';
if ( in_array($page, ['cnpform_add', 'cnps_addchannel', 'cnpforms_add', 'cnp_formssettings'], true) ) {
    $jsurl = plugins_url(CFCNP_PLUGIN_NAME."/js/Admin.js");
    wp_enqueue_script('Page-Builder', esc_url($jsurl), ['jquery']);
```  
Explanation:  
The old code used unsanitized `$_GET['page']` and `$_GET['act']` values directly in conditionals and for constructing URLs, which could lead to XSS or other injection attacks if malicious values were reflected or used. The fix sanitizes these inputs with `sanitize_text_field()` and uses `esc_url()` for the script URL, reducing the risk of XSS.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - File clickandpledge_form.php Line 661  
Old Code:  
```php
$rtrnstrarr .= '<img class="CnP_formlink" src="data:' . $mimeType . ';base64,' . base64_encode($blobData) . '" data-guid="' . $formid[$frminc] . '" style="cursor: pointer;">';
```  
Fixed Code:  
```php
$rtrnstrarr .= '<img class="CnP_formlink" src="data:' . esc_attr($mimeType) . ';base64,' . base64_encode($blobData) . '" data-guid="' . $formid[$frminc] . '" style="cursor: pointer;">';
```  
Explanation:  
The old code concatenated `$mimeType` directly into an HTML attribute without escaping, which could allow XSS if `$mimeType` contained malicious characters (e.g., quotes to break out of the attribute). The fix uses `esc_attr()` to escape the MIME type for safe use in an HTML attribute.
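The two outputs discussed above (the channel table rows echoed as `$cnptblresltdsply` and the `CnP_formlink` image with a data: URI) are worth seeing side by side, because the safe place to escape differs from the place where the page's fix puts it. The following is an added example in Python, not code from the Click & Pledge Connect plugin or the Wordfence report; `esc_html`/`esc_attr` mirror the WordPress helpers, and the channel records, GUIDs and image bytes are constructed.

```python
"""Added example (not plugin or report code): escape values while building
markup, not the finished markup. Two outputs from the analysis are modelled:
the <tr> rows the admin page echoes and the CnP_formlink <img> whose src is a
data: URI. Sample data below is constructed."""
import base64
import html


# WordPress esc_html() and esc_attr() both encode & < > " '. The same encoding
# is used for both here; the two names are kept to show the output context.
def esc_html(value) -> str:
    return html.escape(str(value), quote=True)


def esc_attr(value) -> str:
    return html.escape(str(value), quote=True)


ALLOWED_MIME = {"image/jpeg", "image/png", "image/gif"}  # assumed allow list


def render_channel_rows(channels) -> str:
    """Builds the rows the admin page echoes. Every cell is escaped on the way
    in, so the assembled string can be echoed unchanged; escaping the whole
    string afterwards would turn the <tr>/<td> tags into visible text."""
    if not channels:
        return '<tr><td colspan="4">No channels found.</td></tr>'
    rows = []
    for ch in channels:
        cells = "".join(
            f"<td>{esc_html(ch[key])}</td>" for key in ("id", "name", "start", "end")
        )
        rows.append(f"<tr>{cells}</tr>")
    return "".join(rows)


def render_form_image(mime_type: str, blob: bytes, guid: str) -> str:
    """The CnP_formlink image. The page's fix escapes $mimeType; here the GUID
    in data-guid is escaped as well (same attribute context), and the MIME type
    is checked against an allow list before it is placed in the data: URI."""
    if mime_type == "image/jpg":  # normalisation the page performs
        mime_type = "image/jpeg"
    if mime_type not in ALLOWED_MIME:
        raise ValueError(f"unexpected MIME type: {mime_type!r}")
    payload = base64.b64encode(blob).decode("ascii")
    src = f"data:{esc_attr(mime_type)};base64,{payload}"
    return (
        f'<img class="CnP_formlink" src="{src}" data-guid="{esc_attr(guid)}" '
        'style="cursor: pointer;">'
    )


SAMPLE_CHANNELS = [  # constructed records
    {"id": 7, "name": 'Spring "Gala" <b>2025</b>',
     "start": "2025-04-01 18:00", "end": "2025-04-01 22:00"},
    {"id": 8, "name": "Fall & Winter Drive",
     "start": "2025-10-01 09:00", "end": "2025-12-31 17:00"},
]

if __name__ == "__main__":
    rows = render_channel_rows(SAMPLE_CHANNELS)
    print(rows)
    # What esc_html($cnptblresltdsply) does to the finished markup:
    print(esc_html(rows)[:80], "...")
    print(render_form_image("image/jpg", b"\xff\xd8\xff", 'g1"x'))
```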

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - File clickandpledge_form.php Lines 669, 673  
Old Code:  
```php
$rtrnstr = CNPCF_getGroupCustomerrmsg($frmid[0]);
return $rtrnstr;
```  
Fixed Code:  
```php
$rtrnstr = esc_html(CNPCF_getGroupCustomerrmsg($frmid[0]));
return $rtrnstr;
```  
Explanation:  
The old code returned a message from `CNPCF_getGroupCustomerrmsg()` without sanitization, which could contain user-controlled data leading to XSS. The fix uses `esc_html()` to escape the output, preventing script execution.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - File clickandpledge_form.php Lines 780-781  
Old Code:  
```php
function cnpadddatetimepicker(){
	if (isset($_GET['page'])  && ($_GET['page'] == 'cnpforms_add' || $_GET['page'] == 'cnps_addchannel') && ($_GET['act'] == 'add' || $_GET['act'] == 'edit'|| !isset($_GET['act']) ))
	{
		if($_GET['act'] == 'add' || !isset($_GET['act'])){
```  
Fixed Code:  
```php
function cnpadddatetimepicker() {
    $page = isset($_GET['page']) ? sanitize_key($_GET['page']) : '';
    $act  = isset($_GET['act']) ? sanitize_key($_GET['act']) : '';
    if (($page === 'cnpforms_add' || $page === 'cnps_addchannel') && 
        ($act === 'add' || $act === 'edit' || empty($act))) {
        if ($act === 'add' || empty($act)) {
```  
Explanation:  
The old code used unsanitized `$_GET['page']` and `$_GET['act']` in conditionals, which could be exploited for XSS if the values were reflected elsewhere. The fix sanitizes these inputs with `sanitize_key()` (which restricts to alphanumeric, underscore, and dash characters) and uses strict comparisons, reducing the risk of injection.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - File clickandpledge_form.php Line 788  
Old Code:  
```php
jQuery("#txtcnpformstrtdt").datetimepicker({format: '<?php echo CFCNP_PLUGIN_CURRENTDATETIMEFORMAT; ?>',defaultDate:new Date()});
```  
Fixed Code:  
```php
const format = "<?php echo esc_js(CFCNP_PLUGIN_CURRENTDATETIMEFORMAT); ?>";
jQuery("#txtcnpformstrtdt").datetimepicker({ format: format, defaultDate: new Date() });
```  
Explanation:  
The old code directly output `CFCNP_PLUGIN_CURRENTDATETIMEFORMAT` into JavaScript without escaping, which could allow XSS if the constant contained malicious characters. The fix uses `esc_js()` to escape the string for safe use in a JavaScript context.

Vulnerability Existed: yes  
FALSE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - File clickandpledge_form.php Line 818  
Old Code:  
```php
echo '<div style="display:none;"><input type="hidden" name="cnpversion" id="cnpversion" value="25.04010101-WP6.8" /></div>';
```  
Fixed Code:  
```php
$version = '25.07000000-WP6.8.1'; // plugin version
$safe_version = esc_attr($version);
?>
<div style="display:none;">
    <input type="hidden" name="cnpversion" id="cnpversion" value="<?php echo esc_html($safe_version); ?>" />
</div>
```  
Explanation:  
The old code hardcoded the version but didn't escape it when outputting in an HTML attribute. While the version is a constant, escaping is a best practice. The fix uses `esc_attr()` and `esc_html()` to ensure safe output, though the version is not user-controlled, so the risk is minimal. However, the change promotes secure coding practices.
CVE Analysis Results:
CVE-2025-28983: Yes
View CVE Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect allows Privilege Escalation. This issue affects Click & Pledge Connect: from 25.04010101 through WP6.8.
[CVE-2025-28983] [Click & Pledge CONNECT: 25.04010101-WP6.8→25.07000000-WP6.8.1] cnpSettingmsgs.php AI: 4 vulnerabilities 4 true positives CVE-2025-28983
--- cache/click-pledge-connect_25.04010101-WP6.8/cnpSettingmsgs.php	2025-12-04 14:05:22.232406141 +0000+++ cache/click-pledge-connect_25.07000000-WP6.8.1/cnpSettingmsgs.php	2025-12-04 14:05:24.624559695 +0000@@ -1,69 +1,77 @@-<?php
-	define( 'CFCNP_PLUGIN_UID', "14059359-D8E8-41C3-B628-E7E030537905");
-	define( 'CFCNP_PLUGIN_SKY', "5DC1B75A-7EFA-4C01-BDCD-E02C536313A3");
-	
-if(extension_loaded('soap')) {
-
-	$connect  = array('soap_version' => SOAP_1_1, 'trace' => 1, 'exceptions' => 0);
-	$client   = new SoapClient('https://resources.connect.clickandpledge.com/wordpress/Auth2.wsdl', $connect);
-
-	if(!isset($_REQUEST['verfication']) && isset($_REQUEST['AccountId_val']) && $_REQUEST['AccountId_val']!=""     && isset($_REQUEST['AccountGUId_val']) &&  $_REQUEST['AccountGUId_val']!="")
-	{ 
-		
-		 $accountid            = $_REQUEST['AccountId_val'];
-		 $accountguid          = $_REQUEST['AccountGUId_val'];
-		 $xmlr  = new SimpleXMLElement("<GetAccountDetail></GetAccountDetail>");
-		 $xmlr->addChild('accountId', $accountid);
-		 $xmlr->addChild('accountGUID', $accountguid);
-		 $xmlr->addChild('username', CFCNP_PLUGIN_UID);
-	     $xmlr->addChild('password', CFCNP_PLUGIN_SKY);
-		 $response = $client->GetAccountDetail($xmlr); 
-
-	 $responsearr =  $response->GetAccountDetailResult->AccountNickName;
-	
-	 echo $responsearr;
-	
-
-	}
-	else if(isset($_REQUEST['verfication']) && isset($_REQUEST['AccountId_val']) && $_REQUEST['AccountId_val']!=""     && isset($_REQUEST['AccountGUId_val']) &&  $_REQUEST['AccountGUId_val']!="")
-	{ global  $wpdb;
-		if (@file_exists(dirname(dirname(dirname(dirname(__FILE__))))."/wp-config.php"))
-		{ define( 'BLOCK_LOAD', true );  
-		  require_once(dirname(dirname(dirname(dirname(__FILE__))))."/wp-config.php");
-		  require_once( dirname(dirname(dirname(dirname(__FILE__)))).'/wp-includes/wp-db.php' );
-		  $wpdb = new wpdb( DB_USER, DB_PASSWORD, DB_NAME, DB_HOST);
-
-		}
- 		 $accountid            = $_REQUEST['AccountId_val'];
-		 $accountguid          = $_REQUEST['AccountGUId_val'];
-		 $xmlr  = new SimpleXMLElement("<GetAccountDetail></GetAccountDetail>");
-		 $xmlr->addChild('accountId', $accountid);
-		 $xmlr->addChild('accountGUID', $accountguid);
-		 $xmlr->addChild('username', CFCNP_PLUGIN_UID);
-	     $xmlr->addChild('password', CFCNP_PLUGIN_SKY);
-		 $response = $client->GetAccountDetail($xmlr); 
-
-	 	$responsearr =   addslashes($response->GetAccountDetailResult->AccountNickName);
-		
-		if($responsearr!="")
-		{
-			$cnp_settingtable_name =   $_REQUEST['cnptblnm'];
-			$current_time = date('Y-m-d H:i:s');
-			$active =1;
-			
-			 	$sSQL = "UPDATE ".$cnp_settingtable_name." set 
-				 									 cnpstngs_frndlyname = '$responsearr',
-			 										 cnpstngs_Date_Modified='$current_time'
-											   where cnpstngs_ID ='".$_REQUEST['verfication']."'"; 
-			$wpdb->query($sSQL);
-			echo "true";;
-		}
-		else{echo "False";}
-		
-	}
-	}
-else{
-	echo "SOAP";
-}
-	
+<?php+	define( 'CFCNP_PLUGIN_UID', "14059359-D8E8-41C3-B628-E7E030537905");+	define( 'CFCNP_PLUGIN_SKY', "5DC1B75A-7EFA-4C01-BDCD-E02C536313A3");+	+if(extension_loaded('soap')) {++	$connect  = array('soap_version' => SOAP_1_1, 'trace' => 1, 'exceptions' => 0);+	$client   = new SoapClient('https://resources.connect.clickandpledge.com/wordpress/Auth2.wsdl', $connect);++	if(!isset($_REQUEST['verfication']) && isset($_REQUEST['AccountId_val']) && $_REQUEST['AccountId_val']!=""     && isset($_REQUEST['AccountGUId_val']) &&  $_REQUEST['AccountGUId_val']!="")+	{ +	+	$accountid = isset($_POST['AccountId_val']) ? intval($_POST['AccountId_val']) : 0;+	$accountguid = '';+if (isset($_POST['AccountGUId_val'])) {+    $accountguid = preg_replace('/[^a-zA-Z0-9_\-]/', '', $_POST['AccountGUId_val']);+}		 $xmlr  = new SimpleXMLElement("<GetAccountDetail></GetAccountDetail>");+		 $xmlr->addChild('accountId', $accountid);+		 $xmlr->addChild('accountGUID', $accountguid);+		 $xmlr->addChild('username', CFCNP_PLUGIN_UID);+	     $xmlr->addChild('password', CFCNP_PLUGIN_SKY);+		 $response = $client->GetAccountDetail($xmlr); ++	 $responsearr =  $response->GetAccountDetailResult->AccountNickName;+	+	 echo $responsearr;+	++	}+	else if(isset($_REQUEST['verfication']) && isset($_REQUEST['AccountId_val']) && $_REQUEST['AccountId_val']!=""     && isset($_REQUEST['AccountGUId_val']) &&  $_REQUEST['AccountGUId_val']!="")+	{ +	require_once( dirname(__FILE__, 4) . '/wp-load.php' );++$accountid = isset($_POST['AccountId_val']) ? 
intval($_POST['AccountId_val']) : 0;+$accountguid = '';+if (isset($_POST['AccountGUId_val'])) {+    $accountguid = preg_replace('/[^a-zA-Z0-9_\-]/', '', $_POST['AccountGUId_val']);+}	+    global  $wpdb;+     $verfication =	$_POST['verfication'];+		 $xmlr  = new SimpleXMLElement("<GetAccountDetail></GetAccountDetail>");+		 $xmlr->addChild('accountId', $accountid);+		 $xmlr->addChild('accountGUID', $accountguid);+		 $xmlr->addChild('username', CFCNP_PLUGIN_UID);+	     $xmlr->addChild('password', CFCNP_PLUGIN_SKY);+		 $response = $client->GetAccountDetail($xmlr); ++	 	$responsearr =   addslashes($response->GetAccountDetailResult->AccountNickName);+		+		if($responsearr!="")+		{+			$cnp_settingtable_name =   $wpdb->prefix . "cnp_settingsdtl";+			$current_time = date('Y-m-d H:i:s');+			$active =1;+			+			  $sSQL = $wpdb->prepare(+                "UPDATE $cnp_settingtable_name +                 SET cnpstngs_frndlyname = %s, +                     cnpstngs_Date_Modified = %s +                 WHERE cnpstngs_ID = %d",+                $responsearr,+                $current_time,+                intval($verfication)+            );++            $wpdb->query($sSQL);+			echo "true";;+		}+		else{echo "False";}+		+	}+	}+else{+	echo "SOAP";+}+	 ?>\ No newline at end of file
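Review bot: the UPDATE in the `verfication` branch now goes through `$wpdb->prepare()`, which fixes the concatenation, but the file is still entered directly (it bootstraps WordPress itself with `require_once( dirname(__FILE__, 4) . '/wp-load.php' );`) and nothing in the hunk checks a nonce or a capability before `$wpdb->query($sSQL)` rewrites `cnpstngs_frndlyname` for whatever `cnpstngs_ID` the request names; add current_user_can() and nonce verification ahead of both the SOAP call and the update. Two smaller points in the same hunk: the guards still test `$_REQUEST['AccountId_val']` and `$_REQUEST['AccountGUId_val']` while the values are then read from `$_POST`, so a GET request passes the guard with `$accountid = 0` and an empty GUID; and the first branch still ends in `echo $responsearr;` with the SOAP-supplied AccountNickName unescaped, where esc_html() belongs.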
AI Analysis
Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - cnpSettingmsgs.php lines 53-54  
Old Code:  
```php
$sSQL = "UPDATE ".$cnp_settingtable_name." set 
                                         cnpstngs_frndlyname = '$responsearr',
                                         cnpstngs_Date_Modified='$current_time'
                                   where cnpstngs_ID ='".$_REQUEST['verfication']."'";
```  
Fixed Code:  
```php
$sSQL = $wpdb->prepare(
    "UPDATE $cnp_settingtable_name 
     SET cnpstngs_frndlyname = %s, 
         cnpstngs_Date_Modified = %s 
     WHERE cnpstngs_ID = %d",
    $responsearr,
    $current_time,
    intval($verfication)
);
```  
Explanation:  
The old code directly concatenated user input (`$_REQUEST['verfication']`) into an SQL query without sanitization, allowing SQL injection. The fixed code uses `$wpdb->prepare()` with proper placeholders and parameter binding, ensuring the input is safely escaped and typed (e.g., `%d` for integers).
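The UPDATE fix above and the table-name fixes in the clickandpledge_form.php analysis earlier on this page (the `SHOW TABLES LIKE %s` check and the allow-listed `ALTER TABLE`) are two halves of one rule: values go through placeholders, identifiers cannot and must be pinned to an expected name. The following is an added example in Python on sqlite3, not code from the Click & Pledge Connect plugin or the Wordfence report; the table and column names are those the page uses, while the prefix `wp_`, the `intval()` stand-in and the sample rows are constructed.

```python
"""Added example (not plugin or report code): the page's two SQL fixes on
sqlite3 in place of $wpdb. Values are bound with placeholders; table names
are checked against the expected identifier and quoted. Fixture data is
constructed."""
import re
import sqlite3
from datetime import datetime

PREFIX = "wp_"  # assumed stand-in for $wpdb->prefix
SETTINGS_TABLE = PREFIX + "cnp_settingsdtl"
FORM_TABLE = PREFIX + "cnp_formsdtl"
IDENT_RE = re.compile(r"[A-Za-z0-9_]+")


def intval(value) -> int:
    """PHP-style intval(): leading integer or 0 ('7abc' -> 7, 'abc' -> 0)."""
    m = re.match(r"^\s*[+-]?\d+", str(value))
    return int(m.group()) if m else 0


def checked_ident(name: str, expected: str) -> str:
    """Identifier path. A placeholder cannot carry a table name, so the only
    safe option is to refuse anything but the exact expected identifier and
    then quote it (double quotes in SQLite, backticks in MySQL). Mirrors the
    `$cnp_formtable_name === $expected_table` check in the fixed code."""
    if name != expected or not IDENT_RE.fullmatch(name):
        raise ValueError(f"unexpected table name: {name!r}")
    return f'"{name}"'


def table_exists(conn: sqlite3.Connection, name: str) -> bool:
    """Equivalent of $wpdb->get_var($wpdb->prepare('SHOW TABLES LIKE %s', $n))
    followed by the strict !== comparison. The comparison matters because '_'
    is a single-character wildcard in LIKE, so 'wp_cnp_formsdtl' also matches
    a table named 'wpXcnpXformsdtl'; all matches are checked, which is stricter
    than get_var()'s first-row behaviour."""
    rows = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name LIKE ?",
        (name,),
    ).fetchall()
    return any(row[0] == name for row in rows)


def add_column_if_missing(conn: sqlite3.Connection, table_name: str) -> bool:
    """The ALTER TABLE fix: table identifier pinned, column name a literal.
    Returns True when the column was added. SQLite needs a DEFAULT on an added
    NOT NULL column, hence the DEFAULT '' absent from the page's MySQL DDL."""
    table = checked_ident(table_name, FORM_TABLE)
    columns = [row[1] for row in conn.execute(f"PRAGMA table_info({table})")]
    if "cnpform_urlparameters" in columns:
        return False
    conn.execute(
        f"ALTER TABLE {table} ADD COLUMN cnpform_urlparameters TEXT NOT NULL DEFAULT ''"
    )
    return True


def update_friendly_name(conn: sqlite3.Connection, table_name: str,
                         friendly_name: str, verification) -> int:
    """The UPDATE fix: identifier pinned, values bound (%s/%d become ?), the
    row id coerced with intval() as the fixed code does. Returns rows updated,
    so a non-numeric verification value updates nothing instead of matching."""
    table = checked_ident(table_name, SETTINGS_TABLE)
    cur = conn.execute(
        f"UPDATE {table} SET cnpstngs_frndlyname = ?, cnpstngs_Date_Modified = ? "
        "WHERE cnpstngs_ID = ?",
        (friendly_name, datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
         intval(verification)),
    )
    return cur.rowcount


def build_demo_db() -> sqlite3.Connection:
    """Constructed fixture: the two tables the page names, three settings rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f'CREATE TABLE "{SETTINGS_TABLE}" (cnpstngs_ID INTEGER PRIMARY KEY, '
                 "cnpstngs_frndlyname TEXT, cnpstngs_Date_Modified TEXT)")
    conn.execute(f'CREATE TABLE "{FORM_TABLE}" (cnpform_id INTEGER PRIMARY KEY)')
    conn.executemany(f'INSERT INTO "{SETTINGS_TABLE}" VALUES (?, ?, ?)',
                     [(1, "Main", ""), (2, "Events", ""), (3, "Store", "")])
    return conn


def friendly_names(conn: sqlite3.Connection) -> list:
    return [row[0] for row in conn.execute(
        f'SELECT cnpstngs_frndlyname FROM "{SETTINGS_TABLE}" ORDER BY cnpstngs_ID')]


if __name__ == "__main__":
    db = build_demo_db()
    print(table_exists(db, FORM_TABLE), add_column_if_missing(db, FORM_TABLE))
    # Quotes in a bound value are stored verbatim; a bogus id updates nothing;
    # a table name other than the expected one is refused before any SQL runs.
    print(update_friendly_name(db, SETTINGS_TABLE, "O'Brien's \"Fund\"", "2"))
    print(update_friendly_name(db, SETTINGS_TABLE, "x", "abc"), friendly_names(db))
    try:
        update_friendly_name(db, PREFIX + "users", "x", 1)
    except ValueError as err:
        print(err)
```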

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-20: Improper Input Validation - cnpSettingmsgs.php lines 10-14, 31-35  
Old Code:  
```php
$accountid            = $_REQUEST['AccountId_val'];
$accountguid          = $_REQUEST['AccountGUId_val'];
```  
Fixed Code:  
```php
$accountid = isset($_POST['AccountId_val']) ? intval($_POST['AccountId_val']) : 0;
$accountguid = '';
if (isset($_POST['AccountGUId_val'])) {
    $accountguid = preg_replace('/[^a-zA-Z0-9_\-]/', '', $_POST['AccountGUId_val']);
}
```  
Explanation:  
The old code used raw `$_REQUEST` input without validation, risking injection or type confusion. The fix validates and sanitizes inputs: `intval()` ensures `AccountId_val` is an integer, and `preg_replace` restricts `AccountGUId_val` to alphanumeric, underscore, and hyphen characters, preventing malicious payloads.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-829: Inclusion of Functionality from Untrusted Control Sphere - cnpSettingmsgs.php lines 28-29  
Old Code:  
```php
if (@file_exists(dirname(dirname(dirname(dirname(__FILE__))))."/wp-config.php"))
{ define( 'BLOCK_LOAD', true );  
  require_once(dirname(dirname(dirname(dirname(__FILE__))))."/wp-config.php");
  require_once( dirname(dirname(dirname(dirname(__FILE__)))).'/wp-includes/wp-db.php' );
  $wpdb = new wpdb( DB_USER, DB_PASSWORD, DB_NAME, DB_HOST);
}
```  
Fixed Code:  
```php
require_once( dirname(__FILE__, 4) . '/wp-load.php' );
```  
Explanation:  
The old code manually included WordPress core files and created a new `wpdb` instance, which could lead to incomplete WordPress environment setup or security bypass. The fix uses `wp-load.php`, which properly initializes WordPress with all security features (e.g., constants, database abstraction) and ensures the `$wpdb` global is correctly set.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - cnpSettingmsgs.php lines 49-50  
Old Code:  
```php
$cnp_settingtable_name =   $_REQUEST['cnptblnm'];
```  
Fixed Code:  
```php
$cnp_settingtable_name =   $wpdb->prefix . "cnp_settingsdtl";
```  
Explanation:  
The old code took the table name directly from user input (`$_REQUEST['cnptblnm']`), allowing an attacker to manipulate SQL queries or potentially execute commands. The fix hardcodes the table name using `$wpdb->prefix`, eliminating user control over the table identifier and preventing injection.

Vulnerability Existed: not sure  
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - cnpSettingmsgs.php lines 1-2  
Old Code:  
```php
define( 'CFCNP_PLUGIN_UID', "14059359-D8E8-41C3-B628-E7E030537905");
define( 'CFCNP_PLUGIN_SKY', "5DC1B75A-7EFA-4C01-BDCD-E02C536313A3");
```  
Fixed Code:  
(No change—same constants remain)  
Explanation:  
The constants appear to be hardcoded credentials (UID and SKY) used for authentication with a SOAP service. While they are unchanged in the diff, hardcoding sensitive credentials in source code is generally risky (CWE-798). However, without context on whether these are intended to be public or if they were rotated, it's uncertain if this constitutes a vulnerability in this specific change.
CVE Analysis Results:
CVE-2025-28983: Yes
View CVE Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect allows Privilege Escalation. This issue affects Click & Pledge Connect: from 25.04010101 through WP6.8.
[CVE-2025-31599] [Bulk Product Editor plugin allows you to create and edit your WooCommerce products and categories with Google Sheets.: 8.6→9.0] includes/categories.class.php AI: 4 vulnerabilities 1 false positive, 3 true positives CVE-2025-31599
--- cache/sync-wc-google_8.6/includes/categories.class.php	2025-12-04 14:05:20.396288280 +0000+++ cache/sync-wc-google_9.0/includes/categories.class.php	2025-12-04 14:05:22.184403060 +0000@@ -1,225 +1,164 @@ <?php-/**- * Google Sheet Categories Controller- * - * */  class WBPS_Categories {-    +     private static $ins = null;-	-	public static function __instance()-	{-		// create a new object if it doesn't exist.-		is_null(self::$ins) && self::$ins = new self;-		return self::$ins;-	}-    -    -    /**-     * chunk [ [id], [row] ]-     * */++    public static function __instance() {+        is_null(self::$ins) && self::$ins = new self;+        return self::$ins;+    }+     public static function sync($chunk, $general_settings) {-        -        try{-            -            /**-             * Defined: class.formats.php-             * 1. formatting each column data with wcgs_{$sheet_name}_data_{$key}-             * 2. product meta columns handling-             **/+        try {             $categories = apply_filters('wcgs_sync_data_categories_before_processing', $chunk, $general_settings);-            -            // Preparing data for WC API+             $wcapi_data = [];-            // Saving category name/id and row-            $rowRef = array();-            foreach($categories as $row_id => $row){-                -                $id   = isset($row['id']) ? $row['id'] : '';+            $rowRef = [];++            foreach ($categories as $row_id => $row) {+                $id = isset($row['id']) ? intval($row['id']) : '';                 $name = isset($row['name']) ? 
sanitize_key($row['name']) : '';-                -                if( $id != '' ) {-                    $wcapi_data['update'][] = $row;   ++                if ($id) {+                    $wcapi_data['update'][] = $row;                     $rowRef[$id] = $row_id;-                }else{+                } else {                     $wcapi_data['create'][] = $row;                     $rowRef[$name] = $row_id;                 }             }-            -            // wbps_logger_array($wcapi_data);-            +             $wcapi = new WBPS_WCAPI();-                         $result = $wcapi->batch_update_categories($wcapi_data, $rowRef);-            if( is_wp_error($result) ) {++            if (is_wp_error($result)) {                 wp_send_json_error($result->get_error_message());             }-            -            // wbps_logger_array($result);+             return $result;-            -        } catch(Exception $e) {-                -            $response['status'] = "error";-            $response['message'] =  $e->getMessage();+        } catch (Exception $e) {+            return [+                'status' => "error",+                'message' => $e->getMessage()+            ];         }-             }-    -    public static function fetch($header, $settings, $last_row){-    -        ++    public static function fetch($header, $settings, $last_row) {         $chunk_size = 100;-        $args_product_cat = ['taxonomy'=>'product_cat','hide_empty' => false];+        $args_product_cat = ['taxonomy' => 'product_cat', 'hide_empty' => false];         $total_cats = wp_count_terms($args_product_cat);         $no_of_pages = floor($total_cats);-        // wbps_logger_array($no_of_pages);-        +         $items = [];-        -        for($i=1; $i<=$no_of_pages; $i++){-          -            $args  = apply_filters('wbps_export_categories_args',-                          ['per_page' => $chunk_size,-                          'page'      => $i]);-                          -  
        // if request_args has ids then only select those ids-        //   if( isset($sheet_info['request_args']['ids']) ) {-        //     $args['include'] = $sheet_info['request_args']['ids'];-        //   }-          -          // if request_args has new_only then include only unlinked data-        //   if( isset($sheet_info['request_args']['new_only']) ) {-        //     $args['include'] = wbps_get_non_linked_categories_ids();-        //     // if new catesgory are synced then sync should be null to LINK-        //     $sync_data = '';-        //   }-        -            $args['include'] = self::get_syncable_category_ids();-          -            // wbps_logger_array($args);-            -            $request = new WP_REST_Request( 'GET', '/wc/v3/products/categories' );-            $request->set_query_params( $args );-            $response = rest_do_request( $request );-            if ( $response->is_error() ) {-              $error = $response->as_error();-              return new WP_Error( 'wcapi_categories_fetch_error', $error->get_error_message() );++        for ($i = 1; $i <= $no_of_pages; $i++) {+            $args = apply_filters('wbps_export_categories_args', [+                'per_page' => $chunk_size,+                'page' => $i,+                'include' => self::get_syncable_category_ids(),+            ]);++            $request = new WP_REST_Request('GET', '/wc/v3/products/categories');+            $request->set_query_params($args);+            $response = rest_do_request($request);++            if ($response->is_error()) {+                return new WP_Error('wcapi_categories_fetch_error', $response->as_error()->get_error_message());             }-            +             $items = array_merge($items, $response->get_data());         }-        -        // wbps_logger_array($items);+         $items = apply_filters('wbps_categories_list_before_syncback', $items);-                 $sortby_id = array_column($items, 'id');         
array_multisort($sortby_id, SORT_ASC, $items);-        +         $header = array_fill_keys($header, '');         $header['sync'] = 'OK';-        -         $categories = array();-         foreach($items as $item) {-           // My Hero :)-            $categories[] = array_replace($header, array_intersect_key($item, $header));    // replace only the wanted keys-         }-         -        $categories = self::prepare_for_syncback($categories, $settings, $last_row);-         -        // wbps_logger_array($categories);-        -        // this hooks not being used in pluin now.-        return apply_filters('wbps_categories_synback', $categories, $header, $settings, $last_row);++        $categories = array_map(function ($item) use ($header) {+            return array_replace($header, array_intersect_key($item, $header));+        }, $items);++        return apply_filters('wbps_categories_synback', self::prepare_for_syncback($categories, $settings, $last_row), $header, $settings, $last_row);     }-    -    -    public static function prepare_for_syncback($categories, $settings, $last_row){-        ++    public static function prepare_for_syncback($categories, $settings, $last_row) {         $categories_refined = [];         $row = $last_row;         $link_new_data = [];-        foreach($categories as $cat) {-            -            if( isset($cat['image']) ) {++        foreach ($categories as $cat) {+            if (isset($cat['image'])) {                 $cat['image'] = apply_filters("wbps_categories_syncback_value_image", $cat['image'], 'image', $settings);             }-            -            // Check if sync column meta exists-            $wcgs_row_id = get_term_meta($cat['id'], 'wbps_row_id', true);-            $wcgs_row_id = intval($wcgs_row_id);-            if( $wcgs_row_id ) {++            $wcgs_row_id = intval(get_term_meta($cat['id'], 'wbps_row_id', true));++            if ($wcgs_row_id) {                 $categories_refined['update'][$wcgs_row_id] = 
array_values($cat);-            }else{-                $row = $row + 1;-                $link_new_data[$row] = $cat['id'];+            } else {+                $row += 1;+                $link_new_data[$row] = intval($cat['id']);                 $categories_refined['create'][$row] = array_values($cat);             }         }-        -        // linking categories with row ids+         self::link_category_with_sheet($link_new_data);-                 return $categories_refined;     }++    public static function link_category_with_sheet($row_catid) {+        if (empty($row_catid)) return;     -    public static function link_category_with_sheet($row_catid){-        -        if( count($row_catid) <= 0 ) return;-                 global $wpdb;-        $termmeta_table = $wpdb->prefix.'termmeta';-        -        $wpsql = "INSERT INTO {$termmeta_table} (term_id,meta_key,meta_value) VALUES ";-        $delqry = "DELETE FROM {$termmeta_table} WHERE term_id IN (";+        $termmeta_table = $wpdb->prefix . 
'termmeta';         $metakey = 'wbps_row_id';-        -        foreach($row_catid as $row_id => $cat_id){-            -            -            $metaval    = $row_id;-            $termid     = $cat_id;    // term id-            -            // Delete existing terms meta if any-            $delqry .= "{$termid},";-            // Term meta sql-            $wpsql .= "({$termid}, '{$metakey}', '{$metaval}'),";-        +    +        $term_ids = array_map('intval', array_values($row_catid));+        $delete_placeholders = implode(',', array_fill(0, count($term_ids), '%d'));+    +        // Combine term_ids and metakey for prepare+        $delete_args = array_merge($term_ids, [$metakey]);+    +        // Delete existing meta+        $wpdb->query(+            $wpdb->prepare(+                "DELETE FROM {$termmeta_table} WHERE term_id IN ($delete_placeholders) AND meta_key = %s",+                ...$delete_args+            )+        );+    +        // Prepare insert query+        $values = [];+        $placeholders = [];+        foreach ($row_catid as $row_id => $cat_id) {+            $placeholders[] = "(%d, %s, %s)";+            $values[] = intval($cat_id);+            $values[] = $metakey;+            $values[] = strval($row_id);         }-        -        // Delete query-        $delqry = rtrim($delqry, ',');-        $delqry .= ") AND meta_key='{$metakey}'";-        $wpdb->query($delqry);-        -        //insert query-        $wpsql = rtrim($wpsql, ',');-        -        // wbps_logger_array($wpsql);-        -        $wpdb->query($wpsql);-    }     -    // get categories not linked+        $sql = "INSERT INTO {$termmeta_table} (term_id, meta_key, meta_value) VALUES " . 
implode(', ', $placeholders);+        $wpdb->query($wpdb->prepare($sql, ...$values));+    }++     public static function get_syncable_category_ids() {-             global $wpdb;-        $qry = "SELECT DISTINCT term_id FROM {$wpdb->prefix}term_taxonomy WHERE";-        $qry .= " taxonomy = 'product_cat'";-        // $qry .= " AND NOT EXISTS (SELECT * from {$wpdb->prefix}termmeta where {$wpdb->prefix}termmeta.term_id = {$wpdb->prefix}term_taxonomy.term_id AND {$wpdb->prefix}termmeta.meta_key = 'wbps_row_id');";-        -        $result = $wpdb->get_results($qry, ARRAY_N);-        $result = array_map(function($c){-            return $c[0];-        }, $result);-        -        return apply_filters('get_syncable_category_ids', $result);++        $qry = "SELECT DISTINCT tt.term_id +                FROM {$wpdb->prefix}term_taxonomy AS tt +                WHERE tt.taxonomy = %s";++        $results = $wpdb->get_results($wpdb->prepare($qry, 'product_cat'), ARRAY_N);++        return apply_filters('get_syncable_category_ids', array_map(fn($r) => intval($r[0]), $results));     }-         } -function init_wbps_categories(){-	return WBPS_Categories::__instance();+function init_wbps_categories() {+    return WBPS_Categories::__instance(); }\ No newline at end of file
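Review bot: in `sync()`, `intval($row['id'])` only hardens the local `$id` used for the update/create decision and the `$rowRef` key; `$wcapi_data['update'][] = $row;` still forwards the original `$row['id']` to `batch_update_categories()`, so write the cast back with `$row['id'] = $id;` before pushing, otherwise the sanitization is cosmetic. In `fetch()`, `$no_of_pages = floor($total_cats);` is carried over unchanged and treats the term count as a page count, so the loop issues one REST request per category instead of one per 100; it should be `ceil($total_cats / $chunk_size)`, and `wp_count_terms()` can return a `WP_Error` that needs checking before the arithmetic. In `link_category_with_sheet()`, binding `strval($row_id)` through `%s` closes the injection, but `$row` is seeded from the untyped `$last_row` argument; casting it with `intval()` at the top of `prepare_for_syncback()` would keep the sheet row keys numeric.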
AI Analysis
Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - includes/categories.class.php [lines 114-146 in old code, 113-144 in new code]  
Old Code:  
```php
    public static function link_category_with_sheet($row_catid){
        
        if( count($row_catid) <= 0 ) return;
        
        global $wpdb;
        $termmeta_table = $wpdb->prefix.'termmeta';
        
        $wpsql = "INSERT INTO {$termmeta_table} (term_id,meta_key,meta_value) VALUES ";
        $delqry = "DELETE FROM {$termmeta_table} WHERE term_id IN (";
        $metakey = 'wbps_row_id';
        
        foreach($row_catid as $row_id => $cat_id){
            
            
            $metaval    = $row_id;
            $termid     = $cat_id;    // term id
            
            // Delete existing terms meta if any
            $delqry .= "{$termid},";
            // Term meta sql
            $wpsql .= "({$termid}, '{$metakey}', '{$metaval}'),";
        
        }
        
        // Delete query
        $delqry = rtrim($delqry, ',');
        $delqry .= ") AND meta_key='{$metakey}'";
        $wpdb->query($delqry);
        
        //insert query
        $wpsql = rtrim($wpsql, ',');
        
        // wbps_logger_array($wpsql);
        
        $wpdb->query($wpsql);
    }
```  
Fixed Code:  
```php
    public static function link_category_with_sheet($row_catid) {
        if (empty($row_catid)) return;
    
        global $wpdb;
        $termmeta_table = $wpdb->prefix . 'termmeta';
        $metakey = 'wbps_row_id';
    
        $term_ids = array_map('intval', array_values($row_catid));
        $delete_placeholders = implode(',', array_fill(0, count($term_ids), '%d'));
    
        // Combine term_ids and metakey for prepare
        $delete_args = array_merge($term_ids, [$metakey]);
    
        // Delete existing meta
        $wpdb->query(
            $wpdb->prepare(
                "DELETE FROM {$termmeta_table} WHERE term_id IN ($delete_placeholders) AND meta_key = %s",
                ...$delete_args
            )
        );
    
        // Prepare insert query
        $values = [];
        $placeholders = [];
        foreach ($row_catid as $row_id => $cat_id) {
            $placeholders[] = "(%d, %s, %s)";
            $values[] = intval($cat_id);
            $values[] = $metakey;
            $values[] = strval($row_id);
        }
    
        $sql = "INSERT INTO {$termmeta_table} (term_id, meta_key, meta_value) VALUES " . implode(', ', $placeholders);
        $wpdb->query($wpdb->prepare($sql, ...$values));
    }
```  
Explanation:  
The old code interpolated `$termid` unquoted into the `IN (...)` list and `$metaval` inside single quotes with no escaping, so a row index containing a quote closes the literal and the remainder of the string is parsed as SQL. `$termid` comes from the WC REST response (`$cat['id']`), but `$metaval` is seeded from the `$last_row` argument to `fetch()`, so whatever supplies that value controls the injection point. The fixed code builds one `%d` placeholder per term id for the `IN (...)` list and one `(%d, %s, %s)` tuple per row, then lets `$wpdb->prepare()` cast the integers and quote and escape the strings. `intval()` and `strval()` only coerce types; the escaping is done by `prepare()`.
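As an added example (not the plugin's code), the two statements that `link_category_with_sheet()` issues, first built by string interpolation as in 8.6 and then with one placeholder per value as in 9.0. Python's `sqlite3` stands in for `$wpdb`; the `termmeta` schema, the `secrets` table and the payload row index are constructed for the demo. The payload shows what an attacker-influenced row index buys in a single statement: an extra `VALUES` tuple that copies a secret into a meta row the sheet sync later reads back.

```python
"""Added example, not the plugin's code: dynamic IN() and multi-row INSERT,
interpolated (8.6) versus bound with per-value placeholders (9.0).
Python/sqlite3 stands in for PHP/$wpdb; schema and rows are constructed."""
import sqlite3

META_KEY = "wbps_row_id"


def make_db():
    """Constructed schema: termmeta plus a table the sync user must never read."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE termmeta (meta_id INTEGER PRIMARY KEY, "
                "term_id INTEGER, meta_key TEXT, meta_value TEXT)")
    con.execute("CREATE TABLE secrets (id INTEGER PRIMARY KEY, value TEXT)")
    con.execute("INSERT INTO secrets (value) VALUES ('do-not-leak')")
    return con


def link_unsafe(con, row_catid):
    """8.6 pattern: row index and term id concatenated into the SQL text.
    row_catid maps sheet row -> category id, as $link_new_data does."""
    ids = ",".join(str(cat) for cat in row_catid.values())
    con.execute(f"DELETE FROM termmeta WHERE term_id IN ({ids}) "
                f"AND meta_key='{META_KEY}'")
    values = ",".join(f"({cat}, '{META_KEY}', '{row}')"
                      for row, cat in row_catid.items())
    # one statement, as with $wpdb->query(): no stacked queries required
    con.execute(f"INSERT INTO termmeta (term_id, meta_key, meta_value) VALUES {values}")


def link_safe(con, row_catid):
    """9.0 pattern: a placeholder per value, the driver does the quoting."""
    term_ids = [int(cat) for cat in row_catid.values()]
    in_list = ",".join("?" * len(term_ids))            # like the %d list
    con.execute(f"DELETE FROM termmeta WHERE term_id IN ({in_list}) AND meta_key = ?",
                [*term_ids, META_KEY])
    tuples = ",".join(["(?, ?, ?)"] * len(row_catid))  # like (%d, %s, %s)
    params = []
    for row, cat in row_catid.items():
        params += [int(cat), META_KEY, str(row)]
    con.execute(f"INSERT INTO termmeta (term_id, meta_key, meta_value) VALUES {tuples}",
                params)


def linked_rows(con):
    """(term_id, meta_value) pairs stored under the sync key."""
    return con.execute("SELECT term_id, meta_value FROM termmeta "
                       "WHERE meta_key = ? ORDER BY term_id", (META_KEY,)).fetchall()


# Constructed payload for the sheet row index: closes the literal, appends a
# tuple that copies the secret into a row the sync reads back, then reopens
# a literal so the whole INSERT still parses.
PAYLOAD_ROW = "7'), (99, 'wbps_row_id', (SELECT value FROM secrets)), (5, 'x', '"

if __name__ == "__main__":
    con = make_db()
    link_unsafe(con, {PAYLOAD_ROW: 5})
    print(linked_rows(con))      # the secret now sits in termmeta
    con = make_db()
    link_safe(con, {PAYLOAD_ROW: 5})
    print(linked_rows(con))      # payload stored as an inert string
```

The placeholder list is built from `len()` of the input, never from the input's content, which is exactly what the `array_fill(0, count($term_ids), '%d')` and `"(%d, %s, %s)"` lines in the patch do.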

---

Vulnerability Existed: yes  
FALSE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - includes/categories.class.php [lines 148-162 in old code, 146-156 in new code]  
Old Code:  
```php
    public static function get_syncable_category_ids() {
    
        global $wpdb;
        $qry = "SELECT DISTINCT term_id FROM {$wpdb->prefix}term_taxonomy WHERE";
        $qry .= " taxonomy = 'product_cat'";
        // $qry .= " AND NOT EXISTS (SELECT * from {$wpdb->prefix}termmeta where {$wpdb->prefix}termmeta.term_id = {$wpdb->prefix}term_taxonomy.term_id AND {$wpdb->prefix}termmeta.meta_key = 'wbps_row_id');";
        
        $result = $wpdb->get_results($qry, ARRAY_N);
        $result = array_map(function($c){
            return $c[0];
        }, $result);
        
        return apply_filters('get_syncable_category_ids', $result);
    }
```  
Fixed Code:  
```php
    public static function get_syncable_category_ids() {
        global $wpdb;

        $qry = "SELECT DISTINCT tt.term_id 
                FROM {$wpdb->prefix}term_taxonomy AS tt 
                WHERE tt.taxonomy = %s";

        $results = $wpdb->get_results($wpdb->prepare($qry, 'product_cat'), ARRAY_N);

        return apply_filters('get_syncable_category_ids', array_map(fn($r) => intval($r[0]), $results));
    }
```  
Explanation:  
The old code constructed a static SQL query with a hardcoded taxonomy value. While not directly vulnerable due to the fixed string, it's a poor practice. The new code uses `$wpdb->prepare()` with a placeholder (`%s`) for the taxonomy parameter, following secure coding standards and preventing potential injection if the taxonomy value were to become dynamic in the future.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-20: Improper Input Validation - includes/categories.class.php [lines 18-19 in old code, 17-18 in new code]  
Old Code:  
```php
                $id   = isset($row['id']) ? $row['id'] : '';
                $name = isset($row['name']) ? sanitize_key($row['name']) : '';
```  
Fixed Code:  
```php
                $id = isset($row['id']) ? intval($row['id']) : '';
                $name = isset($row['name']) ? sanitize_key($row['name']) : '';
```  
Explanation:  
The old code used `$row['id']` as-is, both to choose between the update and create branches and as the `$rowRef` array key, so a non-numeric value silently took the update path and produced a string key. `intval()` forces an integer, and the new `if ($id)` test sends `0` and junk values down the create path. Note that `$id` is a local copy: `$row` itself, including its original `id`, is still pushed into `$wcapi_data` and forwarded to the WC API batch call.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-20: Improper Input Validation - includes/categories.class.php [lines 96-97 in old code, 94-95 in new code]  
Old Code:  
```php
                $row = $row + 1;
                $link_new_data[$row] = $cat['id'];
```  
Fixed Code:  
```php
                $row += 1;
                $link_new_data[$row] = intval($cat['id']);
```  
Explanation:  
`$cat['id']` here comes from the site's own WC REST response rather than directly from the request, but it was concatenated unquoted into the `DELETE ... IN (...)` and `INSERT ... VALUES` statements in `link_category_with_sheet()`. Casting it with `intval()` at the point it enters `$link_new_data` is defense in depth; the parameterized queries in the same patch are what actually close the injection.

---

Vulnerability Existed: not sure  
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - includes/categories.class.php [lines 17-18 in new code]  
Old Code:  
```php
                $name = isset($row['name']) ? sanitize_key($row['name']) : '';
```  
Fixed Code:  
```php
                $name = isset($row['name']) ? sanitize_key($row['name']) : '';
```  
Explanation:  
`sanitize_key()` lowercases the value and strips everything outside `[a-z0-9_-]`, which removes every character that could break out of an HTML attribute or a SQL string literal. In this function the sanitized `$name` is only used as an array key in `$rowRef`; the raw `$row['name']` is still forwarded inside `$row` to the WC API batch call, so this line says nothing about how the category name is rendered elsewhere. The line is unchanged between versions, so there is no fix to evaluate here.
CVE Analysis Results:
CVE-2025-31599: Yes
View CVE Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync allows SQL Injection. This issue affects Bulk Product Sync: from n/a through 8.6.
[CVE-2025-31599] [Bulk Product Editor plugin allows you to create and edit your WooCommerce products and categories with Google Sheets.: 8.6→9.0] includes/functions.php AI: 8 vulnerabilities 4 false positives, 4 true positives CVE-2025-31599
--- cache/sync-wc-google_8.6/includes/functions.php	2025-12-04 14:05:20.396288280 +0000+++ cache/sync-wc-google_9.0/includes/functions.php	2025-12-04 14:05:22.184403060 +0000@@ -1,344 +1,219 @@-<?php +<?php /**  * Helper functions  **/ --function wbps_logger_array($msg){-    wc_get_logger()->debug( wc_print_r( $msg, true ), array( 'source' => 'WCBulkProductSync' ) );+function wbps_logger_array($msg) {+    wc_get_logger()->debug(wc_print_r($msg, true), ['source' => 'WCBulkProductSync']); } -function wbps_load_file($file_name, $vars=null) {-         -   if( is_array($vars))-    extract( $vars );-    -   $file_path =  WBPS_PATH . '/templates/'.$file_name;-   if( file_exists($file_path))-   	include ($file_path);-   else-   	die('File not found'.$file_path);+function wbps_load_file($file_name, $vars = null) {+    if (is_array($vars)) extract($vars, EXTR_SKIP);++    $file_path = WBPS_PATH . '/templates/' . basename($file_name);+    if (file_exists($file_path)) {+        include $file_path;+    } else {+        wp_die(esc_html__('Template file not found: ', 'wbps') . 
esc_html($file_path));+    } }  function wbps_pro_is_installed() {-    -    if( !defined('WCGS_PRO_VERSION') ) return false;-    if( intval(WCGS_PRO_VERSION) < 7 ) return false;-    -    return true;+    return defined('WCGS_PRO_VERSION') && intval(WCGS_PRO_VERSION) >= 7; } -// Field that need to be formatted function wbps_fields_format_required() {-    -    return apply_filters('wbps_fields_format_required', -                        ['categories'=>'array', 'brands'=>'array', 'upsell_ids'=>'array','tags'=>'array','downloads'=>'array','images'=>'array', 'attributes'=>'array','image'=>'array','meta_data'=>'array','dimensions'=>'array']);+    return apply_filters('wbps_fields_format_required', [+        'categories' => 'array',+        'brands' => 'array',+        'upsell_ids' => 'array',+        'tags' => 'array',+        'downloads' => 'array',+        'images' => 'array',+        'attributes' => 'array',+        'image' => 'array',+        'meta_data' => 'array',+        'dimensions' => 'array'+    ]); } -// Field with integer arrays function wbps_fields_integer_array() {-    -    return apply_filters('wcgs_fields_integer_array', -                        ['variations','grouped_products','cross_sell_ids','upsell_ids','related_ids']-                        );+    return apply_filters('wcgs_fields_integer_array', [+        'variations',+        'grouped_products',+        'cross_sell_ids',+        'upsell_ids',+        'related_ids'+    ]); } +function wbps_get_syncback_product_ids($product_status = ['publish']) {+    global $wpdb; -// return product ids which needs to be fetched.-// $product_status: ['publish','draft']-function wbps_get_syncback_product_ids($product_status=['publish']) {-    -    $include_products = [];-    -    // better to use wp_query method, as wc_get_products not working with status=>draft-    if( apply_filters('wbps_use_wp_query', true) ) {-    -        global $wpdb;-        $qry = "SELECT DISTINCT ID FROM {$wpdb->prefix}posts WHERE";-        
$qry .= " post_type = 'product'";-        -        $product_status = apply_filters('wbps_fetch_product_status', $product_status);-        -        // product status-        // adding single qoute-        $product_status = array_map(function($status){-            return "'{$status}'";+    if (apply_filters('wbps_use_wp_query', true)) {+        $status_escaped = array_map(function($status) use ($wpdb) {+            return $wpdb->prepare('%s', $status);         }, $product_status);-        -        $product_status = implode(",",$product_status);-        $qry .= " AND post_status IN ({$product_status})";-        -        // disabling for now-        // $syncback_setting = get_option('wbps_syncback_settings');-        // if( $syncback_setting == 'not_linked' ){-            -        //     $qry .= " AND NOT EXISTS (SELECT * from {$wpdb->prefix}postmeta where {$wpdb->prefix}postmeta.post_id = {$wpdb->prefix}posts.ID AND {$wpdb->prefix}postmeta.meta_key = 'wbps_row_id');";-        // }-        -        $qry = apply_filters('wbps_chunk_query', $qry);-        -        $products_notsync = $wpdb->get_results($qry, ARRAY_N);-        $include_products = array_map(function($item){ return $item[0]; }, $products_notsync);-        ++        $status_sql = implode(',', $status_escaped);+        $query = "SELECT DISTINCT ID FROM {$wpdb->prefix}posts WHERE post_type = 'product' AND post_status IN ({$status_sql})";+        $query = apply_filters('wbps_chunk_query', $query);++        $products = $wpdb->get_col($query);     } else {-    -        // Get product ids.-        $args = array(-          'return'  => 'ids',-          'orderby' => 'id',-          'order'   => 'ASC',  -          'limit'   => -1,-          'status'  => $product_status,-        );-        -        -        $include_products = wc_get_products( $args );+        $args = [+            'return'  => 'ids',+            'orderby' => 'id',+            'order'   => 'ASC',+            'limit'   => -1,+            'status'  => 
$product_status,+        ];+        $products = wc_get_products($args);     }-    -    // wbps_log($include_products); exit;-    return apply_filters('wbps_get_syncback_product_ids', $include_products);-  ++    return apply_filters('wbps_get_syncback_product_ids', $products); } -function wbps_get_webapp_url(){-    $url = get_option('wbps_webhook_url');-    return $url;+function wbps_get_webapp_url() {+    return esc_url_raw(get_option('wbps_webhook_url')); }  function wbps_generate_wc_api_keys() {     global $wpdb;      $user_id = get_current_user_id();--    // Generate WooCommerce Consumer Key and Consumer Secret     $consumerKey = 'ck_' . wp_generate_password(24, false);     $consumerSecret = 'cs_' . wp_generate_password(37, false); -    $description = 'BPS Rest ' . date('Y-m-d');--    $args = array(+    $args = [         'user_id' => $user_id,-        'description' => $description,+        'description' => 'BPS Rest ' . current_time('mysql'),         'permissions' => 'read_write',         'consumer_key' => $consumerKey,         'consumer_secret' => $consumerSecret,         'truncated_key' => substr($consumerSecret, -7),-    );+    ]; -    // Insert the keys into the WooCommerce API keys table-    $inserted = $wpdb->insert(-        $wpdb->prefix . 'woocommerce_api_keys',-        $args-    );+    $inserted = $wpdb->insert($wpdb->prefix . 
'woocommerce_api_keys', $args);      if ($inserted) {-        // Keys inserted successfully-        return array(+        return [             'consumer_key' => $consumerKey,             'consumer_secret' => $consumerSecret,-            'key_id' => $wpdb->insert_id, // Get the last inserted ID-        );-    } else {-        // Error occurred during insertion, return WP_Error-        return new WP_Error(-            'api_key_generation_error',-            'Error generating API keys.',-            array('status' => 500)-        );+            'key_id' => $wpdb->insert_id,+        ];     }-} +    return new WP_Error('api_key_generation_error', __('Error generating API keys.', 'wbps'), ['status' => 500]);+} -function wpbs_disconnect(){-    +function wpbs_disconnect() {     global $wpdb;-    $val = 'wbps_row_id';-    -    $table = "{$wpdb->prefix}postmeta";-    $wpdb->delete( $table, array( 'meta_key' => $val ) );-    -    $table = "{$wpdb->prefix}termmeta";-    $wpdb->delete( $table, array( 'meta_key' => $val ) );-    -    // delete webhook url:++    $meta_key = 'wbps_row_id';+    $wpdb->delete($wpdb->prefix . 'postmeta', ['meta_key' => $meta_key]);+    $wpdb->delete($wpdb->prefix . 'termmeta', ['meta_key' => $meta_key]);+     delete_option('wbps_webhook_url');-    +     $wc_keys = get_option('wbps_woocommerce_keys');-    $key_id = isset($wc_keys['key_id']) ? $wc_keys['key_id'] : null;-    -    // deleting WC REST keys-    if($key_id) {-	    $delete = $wpdb->delete( $wpdb->prefix . 'woocommerce_api_keys', array( 'key_id' => $key_id ), array( '%d' ) );+    if (!empty($wc_keys['key_id'])) {+        $wpdb->delete($wpdb->prefix . 
'woocommerce_api_keys', ['key_id' => intval($wc_keys['key_id'])], ['%d']);     }-    -    // wc keys+     delete_option('wbps_woocommerce_keys');-    -    // sheet props     delete_option('wbps_sheet_props');-    -    // connection status     delete_option('wbps_connection_status'); } -function wbps_get_product_meta_col_value($product, $col_key){-    -    $value_found = '';-    $value_found = get_post_meta($product['id'], $col_key, true);-    if( $value_found ) return $value_found;-    // wbps_logger_array($value_found);-    -    // backup meta value check-    $value_found = array_reduce($product['meta_data'], function($acc, $meta) use ($col_key) {-        if ($meta->key === $col_key) {-            return $meta->value;-        }-        return $acc;+function wbps_get_product_meta_col_value($product, $col_key) {+    $value = get_post_meta($product['id'], $col_key, true);+    if ($value) return $value;++    return array_reduce($product['meta_data'], function($acc, $meta) use ($col_key) {+        return ($meta->key === $col_key) ? 
$meta->value : $acc;     });-    -    return $value_found; }  function wbps_return_bytes($size) {     $unit = strtoupper(substr($size, -1));-    $value = substr($size, 0, -1);+    $value = (int)substr($size, 0, -1);     switch ($unit) {-        case 'K':-            return $value * 1024;-        case 'M':-            return $value * 1024 * 1024;-        case 'G':-            return $value * 1024 * 1024 * 1024;-        default:-            return $value;+        case 'K': return $value * 1024;+        case 'M': return $value * 1024 * 1024;+        case 'G': return $value * 1024 * 1024 * 1024;+        default:  return $value;     } }  function wbps_settings_link($links) {-	-	$connection_settings = admin_url( 'admin.php?page=wbps-settings');-	-	$wbps_links = array();-	$wbps_links[] = sprintf(__('<a href="%s">Connection Manager</a>', "wbps"), esc_url($connection_settings) );-	-	foreach($wbps_links as $link) {-		-  		array_push( $links, $link );-	}-	-  	return $links;+    $url = esc_url(admin_url('admin.php?page=wbps-settings'));+    $links[] = sprintf('<a href="%s">%s</a>', $url, __('Connection Manager', 'wbps'));+    return $links; } -// Names provided like tag1|tag2 with taxonomy type-// will return the ids function wbps_get_taxonomy_ids_by_names($taxonomy_type, $taxonomy_names) {     global $wpdb;-    -    $taxonomy_table = $wpdb->prefix . 'term_taxonomy';-    $term_table = $wpdb->prefix . 
'terms';-    -    $taxonomy_names = explode('|', $taxonomy_names);-    $taxonomy_names = array_map('trim', $taxonomy_names);-    -    $placeholders = array_fill(0, count($taxonomy_names), '%s');-    $placeholders = implode(',', $placeholders);-    -    $placeholders_values = array_merge([$taxonomy_type], $taxonomy_names);-    ++    $names = array_map('sanitize_text_field', explode('|', $taxonomy_names));+    $placeholders = implode(',', array_fill(0, count($names), '%s'));     $query = $wpdb->prepare(-    "SELECT t.term_id-    FROM $term_table AS t-    INNER JOIN $taxonomy_table AS tt ON tt.term_id = t.term_id-    WHERE tt.taxonomy = %s-    AND t.name IN ($placeholders)",-    $placeholders_values+        "SELECT t.term_id FROM {$wpdb->terms} t+         JOIN {$wpdb->term_taxonomy} tt ON t.term_id = tt.term_id+         WHERE tt.taxonomy = %s AND t.name IN ($placeholders)",+        array_merge([$taxonomy_type], $names)     );-    -    $taxonomy_ids = $wpdb->get_col($query);-    -    return $taxonomy_ids;++    return $wpdb->get_col($query); }  function wbps_sync_processed_data($items, $action) {     return array_map(function($item) use ($action) {-        if (isset($item['error'])) {-            $message = $item['error']['message'] . ' product:' . $item['id'];-            return ['row' => 'ERROR', 'id' => $item['id'], 'message' => $message, 'action' => $action];+        if (!empty($item['error'])) {+            $message = sanitize_text_field($item['error']['message']) . ' product:' . 
intval($item['id']);+            return ['row' => 'ERROR', 'id' => intval($item['id']), 'message' => $message, 'action' => $action];         } -        $row_id_meta = array_filter($item['meta_data'], function($meta) {-            return $meta->key == 'wbps_row_id';-        });--        $row_id_meta = reset($row_id_meta);-        $row_id = $row_id_meta->value;+        $row_id_meta = array_filter($item['meta_data'], fn($meta) => $meta->key === 'wbps_row_id');+        $row_id = reset($row_id_meta)->value ?? '';         $images_ids = array_column($item['images'], 'id');         $images_ids = apply_filters('wbps_images_ids', implode('|', $images_ids), $item); -        return ['row' => $row_id, 'id' => $item['id'], 'images' => $images_ids, 'action' => $action];+        return ['row' => $row_id, 'id' => intval($item['id']), 'images' => $images_ids, 'action' => $action];     }, $items); } -// get authcode-function wbps_get_authcode(){-    +function wbps_get_authcode() {     $authcode = get_option('wbps_authcode');-         $wc_keys = get_option('wbps_woocommerce_keys');-    if( !$wc_keys ) {++    if (!$wc_keys) {         $wc_keys = wbps_generate_wc_api_keys();         update_option('wbps_woocommerce_keys', $wc_keys);     }-    -    if( $authcode ) return $authcode;-    ++    if ($authcode) return sanitize_text_field($authcode);+     $authcode = 'authcode_' . 
wp_generate_password(24, false);     update_option('wbps_authcode', $authcode);     return $authcode; } -// get sheets props-function wbps_get_sheet_props(){-    $sheet_props = get_option('wbps_sheet_props');-    return $sheet_props;+function wbps_get_sheet_props() {+    return get_option('wbps_sheet_props'); }  function wpbs_get_taxonomy_names() {-    -    $sheet_properties = wbps_get_sheet_props();-    -    if (!$sheet_properties) return [];-    -    if (!isset($sheet_properties['product_mapping'])) return [];-    -    $product_mapping = json_decode($sheet_properties['product_mapping'], true);-    -    if (!$product_mapping) return [];-    -    // Filter and get only taxonomy keys-    $taxonomy_names = array_map(function($item) {-        return $item['key'];-    }, array_filter($product_mapping, function($item) {-        return $item['source'] === 'taxonomy';-    }));-    -    return $taxonomy_names;-}+    $props = wbps_get_sheet_props();+    if (!$props || !isset($props['product_mapping'])) return []; -/**- * Decode data if it is a valid JSON string, otherwise return the plain string.- *- * @param string $data The input data.- * @return mixed Decoded data if JSON, or the plain string.- */-function wbps_decode_if_json($data) {-    // Attempt to decode the JSON string-    $decoded_data = json_decode($data, true); // true converts JSON objects to associative arrays+    $mapping = json_decode($props['product_mapping'], true);+    if (!is_array($mapping)) return []; -    if (json_last_error() === JSON_ERROR_NONE) {-        return $decoded_data; // Return the decoded data (array or object)-    }+    return array_map(fn($item) => $item['key'], array_filter($mapping, fn($item) => $item['source'] === 'taxonomy'));+} -    // If not JSON, return the plain string-    return sanitize_text_field($data);+function wbps_decode_if_json($data) {+    $decoded = json_decode($data, true);+    return (json_last_error() === JSON_ERROR_NONE) ? 
$decoded : sanitize_text_field($data); }\ No newline at end of file
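Review bot: `wbps_return_bytes` still mis-parses any `post_max_size` value that carries no unit suffix: `$unit = strtoupper(substr($size, -1))` takes the last digit as the unit and `$value = (int)substr($size, 0, -1)` drops it, so a setting of `128` yields `12` and `0` (PHP's "no limit") yields `0`. Because `product_sync` in wprest.class.php compares `strlen(file_get_contents('php://input'))` against this result, a plain numeric or zero setting makes every sync request fail the size check. Suggest returning `(int)$size` early when `ctype_digit((string)$size)` is true, and having the caller treat `0` as unlimited.

Review bot: in `wbps_get_taxonomy_ids_by_names`, the `%s` placeholders passed through `$wpdb->prepare` are what neutralize the term names; replacing `array_map('trim', ...)` with `array_map('sanitize_text_field', ...)` adds no SQL protection and changes lookup semantics, since `sanitize_text_field` strips tags, control octets and surrounding whitespace and a sheet value containing such characters may then no longer match the stored `t.name`. Keep the trim (or normalize names the same way on write) and rely on the prepared statement for the SQL boundary.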
AI Analysis
Vulnerability Existed: yes  
FALSE POSITIVE
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - includes/functions.php [Lines 78-80]  
Old Code:  
```php
function wbps_get_webapp_url() {
    $url = get_option('wbps_webhook_url');
    return $url;
}
```  
Fixed Code:  
```php
function wbps_get_webapp_url() {
    return esc_url_raw(get_option('wbps_webhook_url'));
}
```  
Explanation:  
The old code returned a raw URL from the database without validation or sanitization, which could lead to exposure of malicious URLs or unintended redirects if the option value is compromised. The fixed code uses `esc_url_raw()` to ensure the returned URL is properly sanitized for safe use in contexts requiring a URL, preventing potential security risks like open redirects or injection attacks.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Injection') - includes/functions.php [Lines 10-18]  
Old Code:  
```php
function wbps_load_file($file_name, $vars=null) {
    if( is_array($vars))
        extract( $vars );
    $file_path =  WBPS_PATH . '/templates/'.$file_name;
    if( file_exists($file_path))
        include ($file_path);
    else
        die('File not found'.$file_path);
}
```  
Fixed Code:  
```php
function wbps_load_file($file_name, $vars = null) {
    if (is_array($vars)) extract($vars, EXTR_SKIP);
    $file_path = WBPS_PATH . '/templates/' . basename($file_name);
    if (file_exists($file_path)) {
        include $file_path;
    } else {
        wp_die(esc_html__('Template file not found: ', 'wbps') . esc_html($file_path));
    }
}
```  
Explanation:  
The old code directly concatenated user input (`$file_name`) into a file path without validation, allowing directory traversal attacks (e.g., `../../malicious.php`). The fixed code uses `basename()` to strip directory components, restricting file inclusion to the intended template directory. Additionally, `die()` is replaced with `wp_die()` for safer error handling, and output is escaped with `esc_html()` to prevent XSS in error messages.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - includes/functions.php [Lines 50-72]  
Old Code:  
```php
$product_status = array_map(function($status){
    return "'{$status}'";
}, $product_status);
$product_status = implode(",",$product_status);
$qry .= " AND post_status IN ({$product_status})";
```  
Fixed Code:  
```php
$status_escaped = array_map(function($status) use ($wpdb) {
    return $wpdb->prepare('%s', $status);
}, $product_status);
$status_sql = implode(',', $status_escaped);
$query = "SELECT DISTINCT ID FROM {$wpdb->prefix}posts WHERE post_type = 'product' AND post_status IN ({$status_sql})";
```  
Explanation:  
The old code directly interpolated user-controlled `$product_status` values into an SQL query without proper escaping, making it vulnerable to SQL injection if the values are malicious. The fixed code uses `$wpdb->prepare()` to safely escape each status value, ensuring they are treated as literals and not executable SQL code.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - includes/functions.php [Lines 148-152]  
Old Code:  
```php
function wbps_settings_link($links) {
    $connection_settings = admin_url( 'admin.php?page=wbps-settings');
    $wbps_links = array();
    $wbps_links[] = sprintf(__('<a href="%s">Connection Manager</a>', "wbps"), esc_url($connection_settings) );
    foreach($wbps_links as $link) {
        array_push( $links, $link );
    }
    return $links;
}
```  
Fixed Code:  
```php
function wbps_settings_link($links) {
    $url = esc_url(admin_url('admin.php?page=wbps-settings'));
    $links[] = sprintf('<a href="%s">%s</a>', $url, __('Connection Manager', 'wbps'));
    return $links;
}
```  
Explanation:  
The old code used `__()` for translation but did not escape the translated string, which could allow XSS if a malicious translation is injected. The fixed code removes the translation from the HTML anchor tag and applies it only to the link text, while also ensuring the URL is escaped with `esc_url()`. This prevents potential script injection via translated strings.

---

Vulnerability Existed: yes  
FALSE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - includes/functions.php [Lines 164-178]  
Old Code:  
```php
function wbps_get_taxonomy_ids_by_names($taxonomy_type, $taxonomy_names) {
    global $wpdb;
    $taxonomy_table = $wpdb->prefix . 'term_taxonomy';
    $term_table = $wpdb->prefix . 'terms';
    $taxonomy_names = explode('|', $taxonomy_names);
    $taxonomy_names = array_map('trim', $taxonomy_names);
    $placeholders = array_fill(0, count($taxonomy_names), '%s');
    $placeholders = implode(',', $placeholders);
    $placeholders_values = array_merge([$taxonomy_type], $taxonomy_names);
    $query = $wpdb->prepare(
        "SELECT t.term_id FROM $term_table AS t INNER JOIN $taxonomy_table AS tt ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name IN ($placeholders)",
        $placeholders_values
    );
    $taxonomy_ids = $wpdb->get_col($query);
    return $taxonomy_ids;
}
```  
Fixed Code:  
```php
function wbps_get_taxonomy_ids_by_names($taxonomy_type, $taxonomy_names) {
    global $wpdb;
    $names = array_map('sanitize_text_field', explode('|', $taxonomy_names));
    $placeholders = implode(',', array_fill(0, count($names), '%s'));
    $query = $wpdb->prepare(
        "SELECT t.term_id FROM {$wpdb->terms} t JOIN {$wpdb->term_taxonomy} tt ON t.term_id = tt.term_id WHERE tt.taxonomy = %s AND t.name IN ($placeholders)",
        array_merge([$taxonomy_type], $names)
    );
    return $wpdb->get_col($query);
}
```  
Explanation:  
The old code used `trim()` on user input but did not sanitize it before passing to `$wpdb->prepare()`, which could still allow SQL injection if the input contains malicious SQL fragments. The fixed code adds `sanitize_text_field()` to each taxonomy name, providing an additional layer of security. While `$wpdb->prepare()` should prevent SQL injection, sanitization reduces risk from unexpected input.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - includes/functions.php [Lines 180-194]  
Old Code:  
```php
function wbps_sync_processed_data($items, $action) {
    return array_map(function($item) use ($action) {
        if (isset($item['error'])) {
            $message = $item['error']['message'] . ' product:' . $item['id'];
            return ['row' => 'ERROR', 'id' => $item['id'], 'message' => $message, 'action' => $action];
        }
        // ... rest of function
    }, $items);
}
```  
Fixed Code:  
```php
function wbps_sync_processed_data($items, $action) {
    return array_map(function($item) use ($action) {
        if (!empty($item['error'])) {
            $message = sanitize_text_field($item['error']['message']) . ' product:' . intval($item['id']);
            return ['row' => 'ERROR', 'id' => intval($item['id']), 'message' => $message, 'action' => $action];
        }
        // ... rest of function
    }, $items);
}
```  
Explanation:  
The old code directly used `$item['error']['message']` without sanitization, which could lead to XSS if the error message contains malicious scripts when output in HTML. The fixed code applies `sanitize_text_field()` to the error message and `intval()` to the ID, ensuring safe output and preventing script injection.

---

Vulnerability Existed: yes  
FALSE POSITIVE
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - includes/functions.php [Lines 196-210]  
Old Code:  
```php
function wbps_get_authcode() {
    $authcode = get_option('wbps_authcode');
    // ... key generation logic
    if( $authcode ) return $authcode;
    $authcode = 'authcode_' . wp_generate_password(24, false);
    update_option('wbps_authcode', $authcode);
    return $authcode;
}
```  
Fixed Code:  
```php
function wbps_get_authcode() {
    $authcode = get_option('wbps_authcode');
    // ... key generation logic
    if ($authcode) return sanitize_text_field($authcode);
    $authcode = 'authcode_' . wp_generate_password(24, false);
    update_option('wbps_authcode', $authcode);
    return $authcode;
}
```  
Explanation:  
The old code returned a raw authentication code from the database without sanitization, which could expose sensitive data if the code contains special characters or is used in an insecure context. The fixed code applies `sanitize_text_field()` to the returned value, ensuring it is safe for output and reducing the risk of unintended data exposure.

---

Vulnerability Existed: yes  
FALSE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - includes/functions.php [Lines 219-221]  
Old Code:  
```php
function wbps_decode_if_json($data) {
    $decoded_data = json_decode($data, true);
    if (json_last_error() === JSON_ERROR_NONE) {
        return $decoded_data;
    }
    return sanitize_text_field($data);
}
```  
Fixed Code:  
```php
function wbps_decode_if_json($data) {
    $decoded = json_decode($data, true);
    return (json_last_error() === JSON_ERROR_NONE) ? $decoded : sanitize_text_field($data);
}
```  
Explanation:  
While both versions sanitize non-JSON data with `sanitize_text_field()`, the old code's structure could be misinterpreted as not sanitizing the JSON-decoded output. The fixed code is more concise but maintains the same security posture: non-JSON strings are sanitized to prevent XSS when echoed. However, if the decoded JSON contains unsafe HTML, it might still pose a risk depending on usage context.
CVE Analysis Results:
CVE-2025-31599: Yes
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync allows SQL Injection. This issue affects Bulk Product Sync: from n/a through 8.6.
[CVE-2025-31599] [Bulk Product Editor plugin allows you to create and edit your WooCommerce products and categories with Google Sheets.: 8.6→9.0] includes/hooks.class.php AI: 4 vulnerabilities 1 false positive, 3 true positives CVE-2025-31599
--- cache/sync-wc-google_8.6/includes/hooks.class.php	2025-12-04 14:05:20.396288280 +0000+++ cache/sync-wc-google_9.0/includes/hooks.class.php	2025-12-04 14:05:22.184403060 +0000@@ -76,42 +76,44 @@               function categories_row_update($rowRef) {- -        if( count($rowRef) <= 0 ) return;-        +        if (empty($rowRef)) return;+             global $wpdb;-        $termmeta_table = $wpdb->prefix.'termmeta';-        -        $wpsql = "INSERT INTO {$termmeta_table} (term_id,meta_key,meta_value) VALUES ";-        $delqry = "DELETE FROM {$termmeta_table} WHERE term_id IN (";         $metakey = 'wcgs_row_id';-        -        foreach($rowRef as $ref){-            -            if( $ref['row'] == 'ERROR' ) continue;-            -            $termid = $ref['id'];    // term id-            $metaval = $ref['row'];-            -            // Delete existing terms meta if any-            $delqry .= "{$termid},";-            // Term meta sql-            $wpsql .= "({$termid}, '{$metakey}', '{$metaval}'),";-        +        $termmeta_table = $wpdb->prefix . 'termmeta';+    +        $term_ids = [];+        $values = [];+        $placeholders = [];+    +        foreach ($rowRef as $ref) {+            if ($ref['row'] === 'ERROR') continue;+            $term_ids[] = intval($ref['id']);+            $placeholders[] = "(%d, %s, %s)";+            $values[] = intval($ref['id']);+            $values[] = $metakey;+            $values[] = sanitize_text_field($ref['row']);+        }+    +        if ($term_ids) {+            $wpdb->query(+                $wpdb->prepare(+                    "DELETE FROM {$termmeta_table} WHERE term_id IN (" . implode(',', array_fill(0, count($term_ids), '%d')) . 
") AND meta_key = %s",+                    ...array_merge($term_ids, [$metakey])+                )+            );+        }+    +        if ($placeholders) {+            $wpdb->query(+                $wpdb->prepare(+                    "INSERT INTO {$termmeta_table} (term_id, meta_key, meta_value) VALUES " . implode(',', $placeholders),+                    ...$values+                )+            );         }-        -        // var_dump($wpsql); exit;-        -        // Delete query-        $delqry = rtrim($delqry, ',');-        $delqry .= ") AND meta_key='{$metakey}'";-        $wpdb->query($delqry);-        -        //insert query-        $wpsql = rtrim($wpsql, ',');-        -        $wpdb->query($wpsql);     }+          // Add variation before syncback via hook     function add_variations($products, $header){@@ -334,7 +336,7 @@         }, []);         // wbps_logger_array($items);         -        $payload_new['row_id']  = get_post_meta($product['id'],'wbps_row_id', true);+        $row_id = sanitize_text_field(get_post_meta($payload['id'], 'wbps_row_id', true));         $payload_new['rows']     = $items;         $payload_new['product_id']     = $product['id'];         $payload_new['sheet_props']     = $sheet_props;@@ -345,7 +347,7 @@          function handle_product_trashed( $new_status, $old_status, $post ) {         -        if ( $_SERVER['REQUEST_URI'] === '/wp-json/wbps/v1/product-sync' ) {+        if (isset($_SERVER['REQUEST_URI']) && strpos(sanitize_text_field($_SERVER['REQUEST_URI']), '/wp-json/wbps/v1/product-sync') !== false) {             return;         }     
@@ -398,7 +400,7 @@             $response = wp_remote_post( $endpoint_url, array(               'method' => 'POST',               'headers' => array( 'Content-Type' => 'application/json' ),-              'body' => json_encode( $payload ),+              'body' => wp_json_encode($payload),             ) );                  // Log the response@@ -444,7 +446,7 @@             $response = wp_remote_post( $endpoint_url, array(               'method' => 'POST',               'headers' => array( 'Content-Type' => 'application/json' ),-              'body' => json_encode( $payload ),+              'body' => wp_json_encode($payload),             ) );                          // Log the response@@ -490,7 +492,7 @@             $response = wp_remote_post( $endpoint_url, array(               'method' => 'POST',               'headers' => array( 'Content-Type' => 'application/json' ),-              'body' => json_encode( $payload ),+              'body' => wp_json_encode($payload),             ) );                          // Log the response
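Review bot: the hunk at `@@ -334,7 +336,7 @@` drops `row_id` from the outgoing payload: the sanitized value is stored in a new local `$row_id` that nothing reads, the old key `$payload_new['row_id']` is no longer set, and the lookup now uses `$payload['id']` although the surrounding lines (`$payload_new['product_id'] = $product['id'];`) still key off `$product['id']`. Suggest `$payload_new['row_id'] = sanitize_text_field(get_post_meta($product['id'], 'wbps_row_id', true));` so the sanitization lands without changing behaviour.

Review bot: in `handle_product_trashed` (hunk `@@ -345,7 +347,7 @@`), replacing `===` with `strpos(..., '/wp-json/wbps/v1/product-sync') !== false` loosens the check rather than tightening it: any request URI that merely contains that string, in a longer path or in a query parameter, now skips the trash handler, and `sanitize_text_field` does not validate a URI. If the goal is to recognise the plugin's own REST endpoint, compare the path component, e.g. `wp_parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)`, with `===` (or check `REST_REQUEST` together with the route), and keep the `isset` guard.

Review bot: the three identical hunks at `@@ -398`, `@@ -444` and `@@ -490` change the body of a `wp_remote_post` call sent with `Content-Type: application/json` to a remote endpoint, not text rendered into a page, so `wp_json_encode($payload)` here is an encoding-robustness change (it retries after sanitizing invalid UTF-8 where `json_encode` would return `false`) and does not escape HTML characters unless `JSON_HEX_*` flags are passed. Any XSS concern about `$payload` contents has to be handled where the JSON is later rendered; for the request itself, check the encoder's return value for `false` before posting.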
AI Analysis
Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - includes/hooks.class.php lines 76-121  
Old Code:  
```php
$wpsql = "INSERT INTO {$termmeta_table} (term_id,meta_key,meta_value) VALUES ";
$delqry = "DELETE FROM {$termmeta_table} WHERE term_id IN (";
...
foreach($rowRef as $ref){
    ...
    $termid = $ref['id'];    // term id
    $metaval = $ref['row'];
    // Delete existing terms meta if any
    $delqry .= "{$termid},";
    // Term meta sql
    $wpsql .= "({$termid}, '{$metakey}', '{$metaval}'),";
}
...
$delqry = rtrim($delqry, ',');
$delqry .= ") AND meta_key='{$metakey}'";
$wpdb->query($delqry);
...
$wpsql = rtrim($wpsql, ',');
$wpdb->query($wpsql);
```  
Fixed Code:  
```php
foreach ($rowRef as $ref) {
    if ($ref['row'] === 'ERROR') continue;
    $term_ids[] = intval($ref['id']);
    $placeholders[] = "(%d, %s, %s)";
    $values[] = intval($ref['id']);
    $values[] = $metakey;
    $values[] = sanitize_text_field($ref['row']);
}
...
$wpdb->query(
    $wpdb->prepare(
        "DELETE FROM {$termmeta_table} WHERE term_id IN (" . implode(',', array_fill(0, count($term_ids), '%d')) . ") AND meta_key = %s",
        ...array_merge($term_ids, [$metakey])
    )
);
...
$wpdb->query(
    $wpdb->prepare(
        "INSERT INTO {$termmeta_table} (term_id, meta_key, meta_value) VALUES " . implode(',', $placeholders),
        ...$values
    )
);
```  
Explanation:  
The old code directly concatenated user-controlled values (`$ref['id']` and `$ref['row']`) into SQL queries without proper sanitization or parameterization, making it vulnerable to SQL injection. The fixed code uses `$wpdb->prepare()` with placeholders (`%d`, `%s`) and properly escapes values (`intval()` for integers, `sanitize_text_field()` for strings), ensuring safe SQL execution.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - includes/hooks.class.php line 336  
Old Code:  
```php
$payload_new['row_id']  = get_post_meta($product['id'],'wbps_row_id', true);
```  
Fixed Code:  
```php
$row_id = sanitize_text_field(get_post_meta($payload['id'], 'wbps_row_id', true));
```  
Explanation:  
The old code retrieved a meta value without sanitization before potential output. The fixed code applies `sanitize_text_field()` to the retrieved value, which helps prevent stored XSS if this value is later output in an unsafe context (e.g., in HTML or JavaScript). Note: The variable name changed from `$payload_new['row_id']` to `$row_id`, but the key fix is the sanitization.

---

Vulnerability Existed: yes  
FALSE POSITIVE
CWE-20: Improper Input Validation - includes/hooks.class.php line 347  
Old Code:  
```php
if ( $_SERVER['REQUEST_URI'] === '/wp-json/wbps/v1/product-sync' ) {
```  
Fixed Code:  
```php
if (isset($_SERVER['REQUEST_URI']) && strpos(sanitize_text_field($_SERVER['REQUEST_URI']), '/wp-json/wbps/v1/product-sync') !== false) {
```  
Explanation:  
The old code directly accessed `$_SERVER['REQUEST_URI']` without checking if it exists, which could cause issues if not set. More critically, it performed a direct string comparison without sanitization, potentially allowing bypasses via maliciously crafted URIs. The fixed code adds existence checking, uses `sanitize_text_field()` on the input, and performs a substring check instead of exact match, improving validation.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - includes/hooks.class.php lines 400, 446, 492  
Old Code:  
```php
'body' => json_encode( $payload ),
```  
Fixed Code:  
```php
'body' => wp_json_encode($payload),
```  
Explanation:  
The old code used `json_encode()` which doesn't escape HTML entities. If `$payload` contains user-controlled data that gets reflected in HTML responses, it could lead to XSS. `wp_json_encode()` is WordPress's safer alternative that escapes characters like `<`, `>`, `&`, `'`, `"` for proper JSON encoding in HTML contexts, preventing XSS when the JSON is embedded in script tags or attributes.
CVE Analysis Results:
CVE-2025-31599: Yes
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync allows SQL Injection. This issue affects Bulk Product Sync: from n/a through 8.6.
[CVE-2025-31599] [Bulk Product Editor plugin allows you to create and edit your WooCommerce products and categories with Google Sheets.: 8.6→9.0] includes/products.class.php AI: 2 vulnerabilities 1 false positive, 1 true positive CVE-2025-31599
--- cache/sync-wc-google_8.6/includes/products.class.php	2025-12-04 14:05:20.396288280 +0000+++ cache/sync-wc-google_9.0/includes/products.class.php	2025-12-04 14:05:22.188403316 +0000@@ -176,8 +176,17 @@     public static function prepare_for_syncback($products, $settings, $last_row){                  global $wpdb;+                 $qry = "SELECT post_id, meta_value from {$wpdb->prefix}postmeta where {$wpdb->prefix}postmeta.meta_key = 'wbps_row_id'";+        +        $meta_key = 'wbps_row_id';+        $qry = $wpdb->prepare(+            "SELECT post_id, meta_value FROM {$wpdb->prefix}postmeta WHERE meta_key = %s",+            $meta_key+        );+                 $db_results = $wpdb->get_results($qry);+                 $pid_rows = [];         foreach($db_results as $row){           $pid_rows[$row->post_id] = $row->meta_value;@@ -216,42 +225,41 @@         return $products_refined;     }     -    public static function link_product_with_sheet($row_prodid){-        -        if( count($row_prodid) <= 0 ) return;-        +    public static function link_product_with_sheet($row_prodid) {+        if (empty($row_prodid)) return;+             global $wpdb;-        $postmeta_table = $wpdb->prefix.'postmeta';-        -        $wpsql = "INSERT INTO {$postmeta_table} (post_id,meta_key,meta_value) VALUES ";-        $delqry = "DELETE FROM {$postmeta_table} WHERE post_id IN (";+        $postmeta_table = $wpdb->prefix . 
'postmeta';         $metakey = 'wbps_row_id';-        -        foreach($row_prodid as $row_id => $prod_id){-            -            -            $metaval    = $row_id;-            $postid     = $prod_id;    // term id-            -            // Delete existing terms meta if any-            $delqry .= "{$postid},";-            // Term meta sql-            $wpsql .= "({$postid}, '{$metakey}', '{$metaval}'),";-        +    +        $post_ids = array_map('intval', array_values($row_prodid));+        $values = [];+        $placeholders = [];+    +        foreach ($row_prodid as $row_id => $prod_id) {+            $placeholders[] = "(%d, %s, %s)";+            $values[] = intval($prod_id);+            $values[] = $metakey;+            $values[] = strval($row_id);         }-        -        // Delete query-        $delqry = rtrim($delqry, ',');-        $delqry .= ") AND meta_key='{$metakey}'";-        $wpdb->query($delqry);-        -        //insert query-        $wpsql = rtrim($wpsql, ',');-        -        // wbps_logger_array($wpsql);-        -        $wpdb->query($wpsql);+    +        // DELETE old rows+        $wpdb->query(+            $wpdb->prepare(+                "DELETE FROM {$postmeta_table} WHERE post_id IN (" . implode(',', array_fill(0, count($post_ids), '%d')) . ") AND meta_key = %s",+                ...array_merge($post_ids, [$metakey])+            )+        );+    +        // INSERT new rows+        $wpdb->query(+            $wpdb->prepare(+                "INSERT INTO {$postmeta_table} (post_id, meta_key, meta_value) VALUES " . implode(',', $placeholders),+                ...$values+            )+        );     }+          } 
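Review bot: in `prepare_for_syncback` (hunk `@@ -176,8 +176,17 @@`) the original unprepared assignment `$qry = "SELECT post_id, meta_value from {$wpdb->prefix}postmeta where ... = 'wbps_row_id'";` is kept as a context line and only overwritten by the prepared version a few lines later. It is dead code now, and a later reorder would silently reinstate the unprepared query; delete it. Since `$meta_key` is a literal, the `%s` placeholder is a consistency measure rather than an injection fix.

Review bot: in `link_product_with_sheet` (hunk `@@ -216,42 +225,41 @@`) the DELETE and the multi-row INSERT are two separate `$wpdb->query` calls with no transaction, so a failed INSERT leaves the affected posts with no `wbps_row_id` meta at all. Also, `$row_prodid` is keyed by row id with product ids as values, so two rows mapped to the same product produce two INSERT rows for one `post_id`, and `get_post_meta($id, 'wbps_row_id', true)` in hooks.class.php then returns whichever was inserted first. Suggest de-duplicating product ids before building `$placeholders` (keeping one row per `post_id`) and wrapping the two statements in a transaction where the table engine supports it.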
AI Analysis
Vulnerability Existed: yes  
FALSE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - includes/products.class.php [176-185]  
Old Code:  
```php
$qry = "SELECT post_id, meta_value from {$wpdb->prefix}postmeta where {$wpdb->prefix}postmeta.meta_key = 'wbps_row_id'";
```  
Fixed Code:  
```php
$meta_key = 'wbps_row_id';
$qry = $wpdb->prepare(
    "SELECT post_id, meta_value FROM {$wpdb->prefix}postmeta WHERE meta_key = %s",
    $meta_key
);
```  
Explanation:  
The old code directly concatenated a string into an SQL query without sanitization or parameterization. While the meta_key value appears to be a hardcoded string, using `$wpdb->prepare` with a placeholder (`%s`) ensures proper escaping and prevents SQL injection if the meta_key were ever to become dynamic or user-influenced. The fix follows WordPress coding standards for safe database queries.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - includes/products.class.php [225-260]  
Old Code:  
```php
$wpsql = "INSERT INTO {$postmeta_table} (post_id,meta_key,meta_value) VALUES ";
$delqry = "DELETE FROM {$postmeta_table} WHERE post_id IN (";
foreach($row_prodid as $row_id => $prod_id){
    $metaval    = $row_id;
    $postid     = $prod_id;
    $delqry .= "{$postid},";
    $wpsql .= "({$postid}, '{$metakey}', '{$metaval}'),";
}
$delqry = rtrim($delqry, ',');
$delqry .= ") AND meta_key='{$metakey}'";
$wpdb->query($delqry);
$wpsql = rtrim($wpsql, ',');
$wpdb->query($wpsql);
```  
Fixed Code:  
```php
$postmeta_table = $wpdb->prefix . 'postmeta';
$metakey = 'wbps_row_id';
$post_ids = array_map('intval', array_values($row_prodid));
$values = [];
$placeholders = [];
foreach ($row_prodid as $row_id => $prod_id) {
    $placeholders[] = "(%d, %s, %s)";
    $values[] = intval($prod_id);
    $values[] = $metakey;
    $values[] = strval($row_id);
}
$wpdb->query(
    $wpdb->prepare(
        "DELETE FROM {$postmeta_table} WHERE post_id IN (" . implode(',', array_fill(0, count($post_ids), '%d')) . ") AND meta_key = %s",
        ...array_merge($post_ids, [$metakey])
    )
);
$wpdb->query(
    $wpdb->prepare(
        "INSERT INTO {$postmeta_table} (post_id, meta_key, meta_value) VALUES " . implode(',', $placeholders),
        ...$values
    )
);
```  
Explanation:  
The old code constructed SQL queries by directly concatenating variables (`$postid`, `$metaval`, `$metakey`) into the query strings, making it vulnerable to SQL injection if any of these values were user-controlled. The fix uses `$wpdb->prepare` with proper placeholders (`%d`, `%s`) and ensures integer casting (`intval`) for IDs, which neutralizes special elements and prevents SQL injection attacks. This is a critical security improvement for database operations.
CVE Analysis Results:
CVE-2025-31599: Yes
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync allows SQL Injection. This issue affects Bulk Product Sync: from n/a through 8.6.
[CVE-2025-31599] [Bulk Product Editor plugin allows you to create and edit your WooCommerce products and categories with Google Sheets.: 8.6→9.0] includes/wprest.class.php AI: 7 vulnerabilities 4 false positives, 3 true positives CVE-2025-31599
--- cache/sync-wc-google_8.6/includes/wprest.class.php	2025-12-04 14:05:20.396288280 +0000+++ cache/sync-wc-google_9.0/includes/wprest.class.php	2025-12-04 14:05:22.188403316 +0000@@ -1,449 +1,236 @@ <?php /**  * Rest API Handling- * - * */--if( ! defined('ABSPATH') ) die('Not Allowed.');+ */ +if (!defined('ABSPATH')) die('Not Allowed.');  class WBPS_WP_REST {-	-	private static $ins = null;-	-	public static function __instance()-	{-		// create a new object if it doesn't exist.-		is_null(self::$ins) && self::$ins = new self;-		return self::$ins;-	}-	-	public function __construct() {-	    -	    add_filter('woocommerce_rest_check_permissions', '__return_true');-		-		add_action( 'rest_api_init', function()-            {-                header( "Access-Control-Allow-Origin: *" );-            }-        );-		-		add_action( 'rest_api_init', [$this, 'init_api'] ); // endpoint url--	}-	-	-	function init_api() {-	    -	    foreach(wbps_get_rest_endpoints() as $endpoint) {-	        +    private static $ins = null;++    public static function __instance() {+        is_null(self::$ins) && self::$ins = new self;+        return self::$ins;+    }++    public function __construct() {+        add_filter('woocommerce_rest_check_permissions', '__return_true');++        add_action('rest_api_init', [$this, 'init_api']);+    }++    function init_api() {+        foreach (wbps_get_rest_endpoints() as $endpoint) {             register_rest_route('wbps/v1', $endpoint['slug'], array(                 'methods' => $endpoint['method'],                 'callback' => [$this, $endpoint['callback']],                 'permission_callback' => [$this, 'permission_check'],-    	                 ));-	    }-        -    }-    -    function check_pro($request){-        -        if( wbps_pro_is_installed() ){-            $wc_keys = get_option('wbps_woocommerce_keys');-            wp_send_json_success($wc_keys);-        }else{-            wp_send_json_error('Not installed');         }     }-    -    // 
validate request-    function permission_check($request){-        ++    function permission_check($request) {         return true;     }-    -    // 1. check connection-    function connection_check($request){-        -        if( ! $request->sanitize_params() ) {-            wp_send_json_error( ['message'=>$request->get_error_message()] );++    function check_pro($request) {+        if (wbps_pro_is_installed()) {+            wp_send_json_success(get_option('wbps_woocommerce_keys'));+        } else {+            wp_send_json_error('Not installed');         }-        +    }++    function connection_check($request) {+        $params = $request->get_params();+        if (empty($params)) wp_send_json_error(['message' => 'Invalid or empty request parameters.']);         wp_send_json_success('connection_ok');     }-    -    // 2. verifying the authcode generated from Addon.-    function verify_authcode($request){-        -        if( ! $request->sanitize_params() ) {-            wp_send_json_error( ['message'=>$request->get_error_message()] );-        }-        -        $data   = $request->get_params();-        extract($data);++    function verify_authcode($request) {+        $authcode = sanitize_text_field($request->get_param('authcode'));         $saved = get_option('wbps_authcode');-        -        wbps_logger_array($saved);-        wbps_logger_array($data);-        -        if( $authcode !== $saved ) {-            wp_send_json_error(__('AuthCode is not valid','wbps'));++        if ($authcode !== $saved) {+            wp_send_json_error(__('AuthCode is not valid', 'wbps'));         }-        +         update_option('wbps_connection_status', 'verified');-                 $wc_keys = get_option('wbps_woocommerce_keys');-        -        -        $response = ['wc_keys'=>$wc_keys, 'is_pro'=>wbps_pro_is_installed()];-        wp_send_json_success($response);+        wp_send_json_success(['wc_keys' => $wc_keys, 'is_pro' => wbps_pro_is_installed()]);     }-    -    function 
disconnect_store($request){-        -        if( ! $request->sanitize_params() ) {-            wp_send_json_error( ['message'=>$request->get_error_message()] );-        }-        ++    function disconnect_store($request) {         wpbs_disconnect();-        -        wp_send_json_success(__("Store is unlinked","wbps"));+        wp_send_json_success(__("Store is unlinked", "wbps"));     }-    -    // product sync+     function product_sync($request) {-        // Check if the POST data size exceeds the limit         $postMaxSizeBytes = wbps_return_bytes(ini_get('post_max_size'));-        $postDataSize = strlen(file_get_contents('php://input'));-        // wbps_logger_array($postMaxSizeBytes);-    -        if ($postDataSize > $postMaxSizeBytes) {-            // Handle the situation where the POST data size exceeds the limit-            wp_send_json_error(['message' => 'The size of the POST data exceeds the limit.']);-        }-    -        // Continue with the rest of the function-        if (!$request->sanitize_params()) {-            wp_send_json_error(['message' => $request->get_error_message()]);-        }-    -        $data   = $request->get_params();-        extract($data);-        -        // wbps_logger_array($data);-        -        // since version 7.5.2 products are being sent as json-        $decodedChunk = json_decode($chunk);-        if ($decodedChunk !== null && is_string($chunk) && json_last_error() === JSON_ERROR_NONE) {-            // 'chunk' is a valid JSON string-            $chunk = json_decode($chunk, true);-        }-        -        -        // Parse $general_settings if it's a string-        if (is_string($general_settings)) {-            $general_settings = json_decode($general_settings, true);+        if (strlen(file_get_contents('php://input')) > $postMaxSizeBytes) {+            wp_send_json_error(['message' => 'POST data exceeds server limit.']);         } -        // will remove extra indexed level+        $chunk = 
json_decode(wp_unslash($request->get_param('chunk')), true);+        $general_settings = json_decode(wp_unslash($request->get_param('general_settings')), true);         $chunk = array_replace(...$chunk);-        // return;+         $products_ins = init_wbps_products();         $response = $products_ins::sync($chunk, $general_settings);-        if( is_wp_error($response) ) {-            wp_send_json_error($response->get_error_message());-        }-        -        // sleep(intval($chunk));-        ++        if (is_wp_error($response)) wp_send_json_error($response->get_error_message());         wp_send_json_success($response);     }-    -    // category sync-    function category_sync($request){-        -        if( ! $request->sanitize_params() ) {-            wp_send_json_error( ['message'=>$request->get_error_message()] );-        }-        -        $data   = $request->get_params();-        extract($data);-        -        // wbps_logger_array($data);-        -        // Parse $general_settings if it's a string-        if (is_string($general_settings)) {-            $general_settings = json_decode($general_settings, true);-        }-        // will remove extra indexed level++    function category_sync($request) {+        $chunk = json_decode(wp_unslash($request->get_param('chunk')), true);+        $general_settings = json_decode(wp_unslash($request->get_param('general_settings')), true);         $chunk = array_replace(...$chunk);+         $categories_ins = init_wbps_categories();         $response = $categories_ins::sync($chunk, $general_settings);-        if( is_wp_error($response) ) {-            wp_send_json_error($response->get_error_message());-        }-        -        // sleep(intval($chunk));-        ++        if (is_wp_error($response)) wp_send_json_error($response->get_error_message());         wp_send_json_success($response);     }-    -    // prepare fetch, return fetchable products/category ids-    function prepare_fetch($request){-        -        
if( ! $request->sanitize_params() ) {-            wp_send_json_error( ['message'=>$request->get_error_message()] );-        }-        -        if( ! wbps_pro_is_installed() ){++    function prepare_fetch($request) {+        if (!wbps_pro_is_installed()) {             $url = 'https://najeebmedia.com/wordpress-plugin/woocommerce-google-sync/';-            $msg = 'Pro Version is not installed or deactivated. Learn more about <a href="'.esc_url($url).'" target="_blank">Pro Version</a>';-            wp_send_json_error( ['message'=>$msg] );+            $msg = 'Pro Version not installed. <a href="' . esc_url($url) . '" target="_blank">Learn more</a>';+            wp_send_json_error(['message' => $msg]);         }-        -        $data = $request->get_params();-        extract($data);-        -        $refresh = isset($data['refresh_fetch']) && $data['refresh_fetch'] == 'yes' ? true : false;-        -        if ($refresh) {++        $sheet_name = sanitize_text_field($request->get_param('sheet_name'));+        $product_status = $request->get_param('product_status') ?? 
['publish'];++        if ($request->get_param('refresh_fetch') === 'yes') {             global $wpdb;-            $val = 'wbps_row_id';-            -            $table = "{$wpdb->prefix}postmeta";-            $wpdb->delete($table, array('meta_key' => $val));+            $wpdb->delete("{$wpdb->prefix}postmeta", ['meta_key' => 'wbps_row_id']);         } -        -        -        $response = [];-        if( $sheet_name === 'products' ) {-            $response = wbps_get_syncback_product_ids( $product_status );-        }-        -        // wbps_logger_array($data);-        -        wp_send_json_success($response);+        if ($sheet_name === 'products') {+            $response = wbps_get_syncback_product_ids($product_status);+            wp_send_json_success($response);+        }++        wp_send_json_error(['message' => 'Unsupported sheet name']);     }-    -    // now fetch products from store to sheet-    function product_fetch($request){-        -        if( ! $request->sanitize_params() ) {-            wp_send_json_error( ['message'=>$request->get_error_message()] );-        }-        -        $data   = $request->get_params();-        extract($data);-        -        -        // since version 7.5.2 products are being sent as json-        $decodedChunk = json_decode($chunk);-        if ($decodedChunk !== null && is_string($chunk) && json_last_error() === JSON_ERROR_NONE) {-            // 'chunk' is a valid JSON string-            $chunk = json_decode($chunk, true);-        }-        -        // wbps_logger_array($response);-         -        /**-         * chunk, sheet_header, general_settings, last_row-         * */-        ++    function product_fetch($request) {+        $chunk = json_decode(wp_unslash($request->get_param('chunk')), true);+        $sheet_header = $request->get_param('sheet_header');+        $general_settings = $request->get_param('general_settings');+        $last_row = intval($request->get_param('last_row'));+         $products_ins = 
init_wbps_products();         $response = $products_ins::fetch($chunk, $sheet_header, $general_settings, $last_row);-       -        wp_send_json_success(['products'=>json_encode($response)]);+        wp_send_json_success(['products' => json_encode($response)]);     }-    -    // now fetch categories from store to sheet-    function category_fetch($request){-        -        if( ! $request->sanitize_params() ) {-            wp_send_json_error( ['message'=>$request->get_error_message()] );-        }-        -        if( ! wbps_pro_is_installed() ){++    function category_fetch($request) {+        if (!wbps_pro_is_installed()) {             $url = 'https://najeebmedia.com/wordpress-plugin/woocommerce-google-sync/';-            $msg = 'Pro Version is not installed or deactivated. Learn more about <a href="'.esc_url($url).'" target="_blank">Pro Version</a>';-            wp_send_json_error( ['message'=>$msg] );+            $msg = 'Pro Version not installed. <a href="' . esc_url($url) . '" target="_blank">Learn more</a>';+            wp_send_json_error(['message' => $msg]);         }-        -        $data   = $request->get_params();-        extract($data);-        -        $refresh = isset($data['refresh_fetch']) && $data['refresh_fetch'] == 'yes' ? 
true : false;-        -        if ($refresh) {++        $sheet_header = $request->get_param('sheet_header');+        $general_settings = $request->get_param('general_settings');+        $last_row = intval($request->get_param('last_row'));++        if ($request->get_param('refresh_fetch') === 'yes') {             global $wpdb;-            $val = 'wbps_row_id';-            -            $table = "{$wpdb->prefix}termmeta";-            $wpdb->delete( $table, array( 'meta_key' => $val ) );-        }-        -        // wbps_logger_array($data);-        -        /**-         * sheet_header, general_settings, last_row-         * */-        +            $wpdb->delete("{$wpdb->prefix}termmeta", ['meta_key' => 'wbps_row_id']);+        }+         $categories_ins = init_wbps_categories();         $response = $categories_ins::fetch($sheet_header, $general_settings, $last_row);-       -        wp_send_json_success(['categories'=>json_encode($response)]);+        wp_send_json_success(['categories' => json_encode($response)]);     }-    -    function attributes_fetch($request){-        -        if( ! $request->sanitize_params() ) {-            wp_send_json_error( ['message'=>$request->get_error_message()] );-        }-        -        if( ! wbps_pro_is_installed() ){++    function attributes_fetch($request) {+        if (!wbps_pro_is_installed()) {             $url = 'https://najeebmedia.com/wordpress-plugin/woocommerce-google-sync/';-            $msg = 'Pro Version is not installed or deactivated. Learn more about <a href="'.esc_url($url).'" target="_blank">Pro Version</a>';-            wp_send_json_error( ['message'=>$msg] );+            wp_send_json_error(['message' => 'Pro Version not installed. <a href="' . esc_url($url) . '" target="_blank">Learn more</a>']);         }-        -        $data   = $request->get_params();-        extract($data);-        -        $refresh = isset($data['refresh_fetch']) && $data['refresh_fetch'] == 'yes' ? 
true : false;-        -        $attributes_data = array(); +        $attributes_data = [];         foreach (wc_get_attribute_taxonomies() as $values) {-            $attribute_data = array(+            $terms = get_terms(['taxonomy' => 'pa_' . $values->attribute_name, 'hide_empty' => false]);+            $attributes_data[] = [                 'id' => $values->attribute_id,                 'name' => $values->attribute_label,-                'terms' => array()-            );-        -            // Get the array of term objects for each product attribute-            $term_objects = get_terms(array('taxonomy' => 'pa_' . $values->attribute_name, 'hide_empty' => false));-        -            // Extract term names from term objects-            foreach ($term_objects as $term) {-                $attribute_data['terms'][] = $term->name;-            }-        -            $attributes_data[] = $attribute_data;-        }--       -        wp_send_json_success(['attributes'=>json_encode($attributes_data)]);-    }-    -    -    -    // when product is created inside via webhook, now link it inside store+                'terms' => wp_list_pluck($terms, 'name')+            ];+        }++        wp_send_json_success(['attributes' => json_encode($attributes_data)]);+    }+     function link_new_product($request) {-        -        if( ! 
$request->sanitize_params() ) {-            wp_send_json_error( ['message'=>$request->get_error_message()] );-        }-        -        $data   = $request->get_params();-        extract($data);-        -        $response = update_post_meta($product_id, 'wbps_row_id', intval($row_id));-        // wbps_logger_array($response);-        +        $product_id = intval($request->get_param('product_id'));+        $row_id = intval($request->get_param('row_id'));+        $response = update_post_meta($product_id, 'wbps_row_id', $row_id);         wp_send_json($response);     }-    -    // when connecting, all webhook will be sent here after WC Auth-    // to save woocommerce keys-    function webhook_callback($request){-        -        $data   = $request->get_params();-        -        // wbps_logger_array($data);-        ++    function webhook_callback($request) {+        $data = $request->get_params();         delete_option('wbps_woocommerce_keys');-        // saving woocommerce keys         update_option('wbps_woocommerce_keys', $data);         return '';     }-    -    // Enabling the webhook-    function enable_webhook($request){-        -        if( ! wbps_pro_is_installed() ) {-            $url = 'https://najeebmedia.com/googlesync';-            wp_send_json_error(sprintf(__('Pro version is not installed or active <a target="_blank" href="%s">Get Pro</a>'), $url));-        }-        -        $data   = $request->get_params();-        update_option('wbps_webhook_url', $data['webapp_url']);-        ++    function enable_webhook($request) {+        if (!wbps_pro_is_installed()) {+            wp_send_json_error(__('Pro version not active. 
<a target="_blank" href="https://najeebmedia.com/googlesync">Get Pro</a>', 'wbps'));+        }++        $url = esc_url_raw($request->get_param('webapp_url'));+        update_option('wbps_webhook_url', $url);         wp_send_json_success('AutoFetch is enabled');     }-    -    // Disabling the webhook-    function disable_webhook($request){-        -        $data   = $request->get_params();-        ++    function disable_webhook($request) {         delete_option('wbps_webhook_url');         return '';     }-    -    function save_sheet_props($request){-        -        $data   = $request->get_params();-        -        // wbps_logger_array($data);++    function save_sheet_props($request) {+        $data = $request->get_params();         update_option('wbps_sheet_props', $data);-                 wp_send_json_success(__("Properties updated successfully.", 'wbps'));     }-    -    function relink_products($request){-        -        $data   = $request->get_params();-        -        $prodcts_links = json_decode($data['product_links'],true);-        // wbps_logger_array($prodcts_links);-        ++    function relink_products($request) {         global $wpdb;-        $postmeta_table = $wpdb->prefix.'postmeta';+        $data = json_decode(wp_unslash($request->get_param('product_links')), true);+        $postmeta_table = $wpdb->prefix . 
'postmeta';         $metakey = 'wbps_row_id';-        -        $wpsql = "INSERT INTO {$postmeta_table} (post_id,meta_key,meta_value) VALUES ";-        $delqry = "DELETE FROM {$postmeta_table} WHERE meta_key='{$metakey}'";-        -        foreach($prodcts_links as $link){-            -            $row_id = $link['row_id'];-            $prod_id = $link['product_id'];-            -            $metaval    = $row_id;-            $postid     = $prod_id;    // term id-            -            // Term meta sql-            $wpsql .= "({$postid}, '{$metakey}', '{$metaval}'),";-        -        }-        -        // wbps_logger_array($delqry);-        $wpdb->query($delqry);-        -        //insert query-        $wpsql = rtrim($wpsql, ',');-        -        // wbps_logger_array($wpsql);-        -        $wpdb->query($wpsql);-        ++        // Delete old+        $wpdb->query($wpdb->prepare("DELETE FROM {$postmeta_table} WHERE meta_key = %s", $metakey));++        // Insert new+        $placeholders = [];+        $values = [];+        foreach ($data as $link) {+            $placeholders[] = "(%d, %s, %s)";+            $values[] = intval($link['product_id']);+            $values[] = $metakey;+            $values[] = strval($link['row_id']);+        }++        if (!empty($placeholders)) {+            $sql = "INSERT INTO {$postmeta_table} (post_id, meta_key, meta_value) VALUES " . implode(',', $placeholders);+            $wpdb->query($wpdb->prepare($sql, ...$values));+        }+         wp_send_json_success(__("Properties updated successfully.", 'wbps'));     }-    -     } -function init_wbps_wp_rest(){-	return WBPS_WP_REST::__instance();-}\ No newline at end of file+function init_wbps_wp_rest() {+    return WBPS_WP_REST::__instance();+}
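Review bot: `permission_check()` still returns `true` unconditionally and the constructor still registers `add_filter('woocommerce_rest_check_permissions', '__return_true')`, so every `wbps/v1` route in this hunk stays reachable without authentication and WooCommerce's own REST permission checks are switched off site-wide; the permission callback should verify a capability (for example `current_user_can('manage_woocommerce')`) or the stored `wbps_authcode`, and the global filter should be removed rather than carried over. With that gap left open, `check_pro()` returns `get_option('wbps_woocommerce_keys')` to any caller when the pro add-on is installed, `webhook_callback()` overwrites that option with whatever `$request->get_params()` contains, and `link_new_product()` writes `wbps_row_id` meta onto any `product_id`. Smaller points: `product_sync()` and `category_sync()` call `array_replace(...$chunk)` without checking that `json_decode()` returned a non-empty array, so a malformed body ends in a fatal error instead of a `wp_send_json_error()`, and `relink_products()` has the same missing check on `$data` before the `foreach`. The move of `relink_products()` to `$wpdb->prepare()` with `(%d, %s, %s)` placeholders is the right fix for the string-built `INSERT`/`DELETE`.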
AI Analysis
Vulnerability Existed: yes  
FALSE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - File includes/wprest.class.php Lines 121, 122  
Old Code:  
```php
        $chunk = json_decode(wp_unslash($request->get_param('chunk')), true);
        $general_settings = json_decode(wp_unslash($request->get_param('general_settings')), true);
```  
Fixed Code:  
```php
        $chunk = json_decode(wp_unslash($request->get_param('chunk')), true);
        $general_settings = json_decode(wp_unslash($request->get_param('general_settings')), true);
```  
Explanation:  
The old code used `extract($data)`, which is dangerous because it lets request parameters overwrite local variables and can lead to security issues. The new code removes `extract()` and reads parameters directly with `$request->get_param()`, which is safer. However, the new code still passes unsanitized input through `wp_unslash()` into `json_decode()`, which could allow malicious JSON payloads. The fix improves security by removing `extract()` but may still be vulnerable to JSON injection if the decoded data is used unsafely.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - File includes/wprest.class.php Lines 194-196  
Old Code:  
```php
            $delqry = "DELETE FROM {$postmeta_table} WHERE meta_key='{$metakey}'";
            // ...
            $wpdb->query($delqry);
```  
Fixed Code:  
```php
            $wpdb->query($wpdb->prepare("DELETE FROM {$postmeta_table} WHERE meta_key = %s", $metakey));
```  
Explanation:  
The old code directly interpolated `$metakey` into the SQL string, which could allow SQL injection if `$metakey` were controlled by an attacker. The new code uses `$wpdb->prepare()` with a placeholder (`%s`), properly escaping the value and preventing SQL injection.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-352: Cross-Site Request Forgery (CSRF) - File includes/wprest.class.php Lines 30-35  
Old Code:  
```php
    function permission_check($request) {
        return true;
    }
```  
Fixed Code:  
```php
    function permission_check($request) {
        return true;
    }
```  
Explanation:  
The permission callback for all REST endpoints returns `true` without any authentication or nonce verification. This makes the endpoints accessible to unauthenticated users, potentially allowing CSRF attacks. The vulnerability remains unchanged in the new code, as no authentication mechanism was added.

Vulnerability Existed: yes  
FALSE POSITIVE
CWE-20: Improper Input Validation - File includes/wprest.class.php Lines 45-48  
Old Code:  
```php
    function connection_check($request) {
        $params = $request->get_params();
        if (empty($params)) wp_send_json_error(['message' => 'Invalid or empty request parameters.']);
        wp_send_json_success('connection_ok');
    }
```  
Fixed Code:  
```php
    function connection_check($request) {
        $params = $request->get_params();
        if (empty($params)) wp_send_json_error(['message' => 'Invalid or empty request parameters.']);
        wp_send_json_success('connection_ok');
    }
```  
Explanation:  
The old code had minimal input validation. The new code adds a check for empty parameters but still lacks thorough validation (e.g., checking parameter types or structure). This could lead to issues if malformed data is processed later. The fix improves validation slightly but may still be insufficient.

Vulnerability Existed: yes  
FALSE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - File includes/wprest.class.php Lines 96-99  
Old Code:  
```php
            $msg = 'Pro Version is not installed or deactivated. Learn more about <a href="'.esc_url($url).'" target="_blank">Pro Version</a>';
            wp_send_json_error( ['message'=>$msg] );
```  
Fixed Code:  
```php
            $msg = 'Pro Version not installed. <a href="' . esc_url($url) . '" target="_blank">Learn more</a>';
            wp_send_json_error(['message' => $msg]);
```  
Explanation:  
The old code returned an HTML link in the error message without proper escaping when output. The new code uses `esc_url()` for the URL, which helps prevent XSS. However, the entire message is still returned as HTML, and if the message is ever output without proper escaping, it could be vulnerable. The fix improves security but may not fully mitigate XSS.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - File includes/wprest.class.php Lines 34-40  
Old Code:  
```php
    function check_pro($request) {
        if (wbps_pro_is_installed()) {
            wp_send_json_success(get_option('wbps_woocommerce_keys'));
        } else {
            wp_send_json_error('Not installed');
        }
    }
```  
Fixed Code:  
```php
    function check_pro($request) {
        if (wbps_pro_is_installed()) {
            wp_send_json_success(get_option('wbps_woocommerce_keys'));
        } else {
            wp_send_json_error('Not installed');
        }
    }
```  
Explanation:  
The endpoint returns WooCommerce keys (potentially sensitive) without authentication. This could expose sensitive API credentials to unauthorized users. The vulnerability remains unchanged in the new code, as no authentication was added.

Vulnerability Existed: yes  
FALSE POSITIVE
CWE-434: Unrestricted Upload of File with Dangerous Type - File includes/wprest.class.php Lines 66-73  
Old Code:  
```php
        $postMaxSizeBytes = wbps_return_bytes(ini_get('post_max_size'));
        if (strlen(file_get_contents('php://input')) > $postMaxSizeBytes) {
            wp_send_json_error(['message' => 'POST data exceeds server limit.']);
        }
```  
Fixed Code:  
```php
        $postMaxSizeBytes = wbps_return_bytes(ini_get('post_max_size'));
        if (strlen(file_get_contents('php://input')) > $postMaxSizeBytes) {
            wp_send_json_error(['message' => 'POST data exceeds server limit.']);
        }
```  
Explanation:  
The `product_sync` function accepts large JSON payloads that could be used to upload malicious data (e.g., scripts) if the processed data is stored unsafely. The new code adds a size check to prevent overly large requests, which helps mitigate denial-of-service but doesn't address the potential for dangerous content. The fix improves resilience but may not prevent all upload-related attacks.

Vulnerability Existed: not sure  
CWE-918: Server-Side Request Forgery (SSRF) - File includes/wprest.class.php Lines 169-172  
Old Code:  
```php
        $url = esc_url_raw($request->get_param('webapp_url'));
        update_option('wbps_webhook_url', $url);
```  
Fixed Code:  
```php
        $url = esc_url_raw($request->get_param('webapp_url'));
        update_option('wbps_webhook_url', $url);
```  
Explanation:  
The `enable_webhook` function accepts a URL parameter and stores it. If this URL is later used to make requests (e.g., in webhooks), it could be exploited for SSRF. The new code uses `esc_url_raw()` for sanitization, which may prevent some malicious URLs but doesn't fully validate or restrict the URL scheme. The risk depends on how the stored URL is used later, which is not shown in the diff.
CVE Analysis Results:
CVE-2025-31599: Yes
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync allows SQL Injection. This issue affects Bulk Product Sync: from n/a through 8.6.
[CVE-2025-32550] [Click & Pledge CONNECT: 2.24080000-WP6.6.1→2.24120000-WP6.7.1] ChannelDetails.php AI: 4 vulnerabilities 4 true positives CVE-2025-32550
--- cache/click-pledge-connect_2.24080000-WP6.6.1/ChannelDetails.php	2025-12-04 14:06:23.600345305 +0000+++ cache/click-pledge-connect_2.24120000-WP6.7.1/ChannelDetails.php	2025-12-04 14:06:27.808615423 +0000@@ -1,87 +1,154 @@-<?php
-function cnp_channeldetails() {
-
-	global $wpdb;    global $cnp_channeltable_name;global $cnp_channelgrptable_name; global $cnp_settingtable_name;
-	$info          = $_REQUEST["info"];
-    $cnpresltdsply = "";
-	if($info=="saved")
-	{
-		echo "<div class='updated' id='message'><p><strong>Form Added</strong>.</p></div>";
-	}
-	if($info=="failed")
-	{
-		echo "<div class='updated' id='message'><p><strong>Already Existed</strong>.</p></div>";
-	}
-	if($info=="upd")
-	{
-		echo "<div class='updated' id='message'><p><strong>Form updated</strong>.</p></div>";
-	}
-	if($info=="del")
-	{
-		$delid=$_GET["did"];
-		$wpdb->query("delete from ".$cnp_channeltable_name." where cnpchannel_id =".$delid);
-		echo "<div class='updated' id='message'><p><strong>Record Deleted.</strong>.</p></div>";
-	}
-
-?>
-<script type="text/javascript">
-	/* <![CDATA[ */
-	jQuery(document).ready(function(){
-		jQuery('#cnpformslist').dataTable();
-		jQuery("tr:even").css("background-color", "#f1f1f1");
-	});
-	/* ]]> */
-
-</script>
-<?php   /*<td nowrap><u><a href="admin.php?page=cnpform_add&cnpid='.$id.'"">Edit</a></u></td> <th></th>*/
-		$cnpfrmid = $_REQUEST['cnpviewid']; 
-		$rcnpid   = $_REQUEST['cnpid']; 
-		$cnpresltdsply = '<div class="wrap">
-			              <h2>View Channels &nbsp;&nbsp;&nbsp;</h2><p></p>
-			              <table class="wp-list-table widefat" id="cnpformslist" ><thead><tr><th><u>ID</u></th><th><u>Channel</u></th><th><u>Start Date/Time</u></th><th><u>End Date/Time</u></th><th></th></tr></thead><tbody>';
-
-		 $sql          = "select * from ".$cnp_channeltable_name." join ".$cnp_channelgrptable_name." on  cnpchannelgrp_ID = cnpchannel_cnpchannelgrp_ID join ".$cnp_settingtable_name ." on cnpstngs_ID = cnpchannelgrp_cnpstngs_ID where cnpchannel_cnpchannelgrp_ID ='".$cnpfrmid."'  order by cnpchannel_id desc";
-		 $result       = $wpdb->get_results($sql);
-	
-		 if($wpdb->num_rows > 0 )
-		 { $sno=1;
-			foreach($result as $cnpchannelData):
-	 
-				$id               = $cnpchannelData->cnpchannel_id;
-			    $cnpfrmid         = $cnpchannelData->cnpchannel_cnpchannelgrp_ID;
-				$cname            = $cnpchannelData->cnpchannel_channelName;
-			
-				$stdate           = $cnpchannelData->cnpchannel_channelStartDate;
-			 	$eddate           = $cnpchannelData->cnpchannel_channelEndDate;
-		        $seldate          = $cnpchannelData->cnpchannel_DateCreated;
-		   $frmstdate = new DateTime($stdate);
-		   $frmeddate = new DateTime($eddate);
-		  $isexistpledgetvchannel = isexistpledgetvchannel($cnpchannelData->cnpstngs_AccountNumber,$cnpchannelData->cnpstngs_guid,$cnpchannelData->cnpchannel_channelName);
-		  
-		  if($isexistpledgetvchannel != "no"){
-			  $rtrnval = explode("~",$isexistpledgetvchannel);
-			  $cname = $rtrnval[1]." (".$cname.")";
-		  }
-			 	if($eddate == "0000-00-00 00:00:00") {$eddate ="";}
-		   		if($eddate!=""){
-				 $eddate = new DateTime($eddate);
-				 $nwenddt = $eddate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP);}
-				$cnpresltdsply .= '<tr><td>'.$sno.'</td><td >'.$cname.'</td><td  >'.$frmstdate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP).'</td>
-				<td  >'.$nwenddt.'</td><td nowrap>';	
-		  if($isexistpledgetvchannel == "no"){
-			$cnpresltdsply .= '<font color="red"><strong>Channel has been deleted from Connect</strong></font>';  
-		  }else{
-				if(count($result)!= 1){
-				$cnpresltdsply .= '<u><a href="admin.php?page=cnp_channeldetails&cnpviewid='.$cnpfrmid.'&cnpid='.$rcnpid.'&info=del&did='.$id.'" ><span class="dashicons dashicons-trash"></span></a></u>';
-					}else{$cnpresltdsply .= '&nbsp;';}}
-		
-		  $cnpresltdsply .= '</td></tr>';
-		  $sno++;
-			endforeach; 
-	     } 
-		 else {  $cnpresltdsply .= '<tr><td>No Record Found!</td><tr>';  }
-		
-		 $cnpresltdsply .= '</tbody></table></div><div class="dataTables_paginate" ><a href="admin.php?page=cnp_pledgetvchannelsdetails"><strong>Go back to Channels</strong></a></div>';
-		 echo $cnpresltdsply ;
-}
+<?php+function cnp_channeldetails() {++	global $wpdb;    global $cnp_channeltable_name;global $cnp_channelgrptable_name; global $cnp_settingtable_name;+	$info = isset($_REQUEST["info"]) ? sanitize_text_field(wp_unslash($_REQUEST["info"])) : '';++    $cnpresltdsply = "";+	if($info=="saved")+	{+		echo "<div class='updated' id='message'><p><strong>Form Added</strong>.</p></div>";+	}+	if($info=="failed")+	{+		echo "<div class='updated' id='message'><p><strong>Already Existed</strong>.</p></div>";+	}+	if($info=="upd")+	{+		echo "<div class='updated' id='message'><p><strong>Form updated</strong>.</p></div>";+	}+	if ($info == "del") {+  +    $delid = isset($_GET["did"]) ? intval($_GET["did"]) : 0;++    if ($delid > 0) {+  +        $deleted = $wpdb->delete(+            $cnp_channeltable_name, // Table name+            ['cnpchannel_id' => $delid], // WHERE clause+            ['%d'] // Data format (integer)+        );++        if ($deleted) {+            echo "<div class='updated' id='message'><p><strong>Record Deleted.</strong></p></div>";+        } else {+            echo "<div class='error' id='message'><p><strong>Failed to delete the record.</strong></p></div>";+        }+    } else {+        echo "<div class='error' id='message'><p><strong>Invalid ID provided.</strong></p></div>";+    }+}+++?>+<script type="text/javascript">+	/* <![CDATA[ */+	jQuery(document).ready(function(){+		jQuery('#cnpformslist').dataTable();+		jQuery("tr:even").css("background-color", "#f1f1f1");+	});+	/* ]]> */++</script>+<?php   +	$cnpfrmid = isset($_REQUEST['cnpviewid']) ? sanitize_text_field(wp_unslash($_REQUEST['cnpviewid'])) : '';+$rcnpid   = isset($_REQUEST['cnpid']) ? 
sanitize_text_field(wp_unslash($_REQUEST['cnpid'])) : '';++$cnpresltdsply = '<div class="wrap">+                  <h2>View Channels &nbsp;&nbsp;&nbsp;</h2><p></p>+                  <table class="wp-list-table widefat" id="cnpformslist">+                  <thead>+                      <tr>+                          <th><u>ID</u></th>+                          <th><u>Channel</u></th>+                          <th><u>Start Date/Time</u></th>+                          <th><u>End Date/Time</u></th>+                          <th></th>+                      </tr>+                  </thead>+                  <tbody>';++// Use a prepared SQL query for security+$sql = $wpdb->prepare(+    "SELECT * +     FROM {$cnp_channeltable_name} +     JOIN {$cnp_channelgrptable_name} ON cnpchannelgrp_ID = cnpchannel_cnpchannelgrp_ID +     JOIN {$cnp_settingtable_name} ON cnpstngs_ID = cnpchannelgrp_cnpstngs_ID +     WHERE cnpchannel_cnpchannelgrp_ID = %d +     ORDER BY cnpchannel_id DESC",+    $cnpfrmid+);++$result = $wpdb->get_results($sql);++if (!empty($result)) {+    $sno = 1;++    foreach ($result as $cnpchannelData) {+        $id = $cnpchannelData->cnpchannel_id;+        $cnpfrmid = $cnpchannelData->cnpchannel_cnpchannelgrp_ID;+        $cname = esc_html($cnpchannelData->cnpchannel_channelName);++        $stdate = $cnpchannelData->cnpchannel_channelStartDate;+        $eddate = $cnpchannelData->cnpchannel_channelEndDate;++        $frmstdate = new DateTime($stdate);+        $frmeddate = ($eddate === "0000-00-00 00:00:00") ? null : new DateTime($eddate);+++        $isexistpledgetvchannel = isexistpledgetvchannel(+            $cnpchannelData->cnpstngs_AccountNumber,+            $cnpchannelData->cnpstngs_guid,+            $cnpchannelData->cnpchannel_channelName+        );++        if ($isexistpledgetvchannel !== "no") {+            $rtrnval = explode("~", $isexistpledgetvchannel);+            $cname = esc_html($rtrnval[1]) . " (" . esc_html($cname) . 
")";+        }++        $nwenddt = $frmeddate ? $frmeddate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP) : '';++        $cnpresltdsply .= '<tr>+            <td>' . esc_html($sno) . '</td>+            <td>' . $cname . '</td>+            <td>' . $frmstdate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP) . '</td>+            <td>' . esc_html($nwenddt) . '</td>+            <td nowrap>';++        if ($isexistpledgetvchannel === "no") {+            $cnpresltdsply .= '<font color="red"><strong>Channel has been deleted from Connect</strong></font>';+        } else {+            if (count($result) != 1) {+                $delete_url = esc_url(+                    add_query_arg(+                        [+                            'page' => 'cnp_channeldetails',+                            'cnpviewid' => $cnpfrmid,+                            'cnpid' => $rcnpid,+                            'info' => 'del',+                            'did' => $id,+                        ],+                        admin_url('admin.php')+                    )+                );+                $cnpresltdsply .= '<u><a href="' . $delete_url . '"><span class="dashicons dashicons-trash"></span></a></u>';+            } else {+                $cnpresltdsply .= '&nbsp;';+            }+        }++        $cnpresltdsply .= '</td></tr>';+        $sno++;+    }+} else {+    $cnpresltdsply .= '<tr><td colspan="5">No Record Found!</td></tr>';+}++++		+		 $cnpresltdsply .= '</tbody></table></div><div class="dataTables_paginate" ><a href="admin.php?page=cnp_pledgetvchannelsdetails"><strong>Go back to Channels</strong></a></div>';+		 echo $cnpresltdsply ;+} ?>\ No newline at end of file
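Review bot: the `info == "del"` branch still deletes a channel on a plain GET link with no nonce or capability check, so the injection fix does not close the request-forgery hole on the same path; `$delete_url` built with `add_query_arg()` should be wrapped in `wp_nonce_url()`, and the branch should call `check_admin_referer()` and `current_user_can()` before `$wpdb->delete()`. Also, `$cname` is already escaped at `$cname = esc_html($cnpchannelData->cnpchannel_channelName);`, so the later `$cname = esc_html($rtrnval[1]) . " (" . esc_html($cname) . ")";` double-encodes any channel name containing `&`, `<` or quotes; escape the raw DB value once, at the point of output. Minor: `$cnpfrmid` is passed through `sanitize_text_field()` and then bound to a `%d` placeholder, which is harmless since `prepare()` casts it, but `intval()` would state the intent and match the `did` handling above.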
AI Analysis
Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - ChannelDetails.php Lines 31-32  
Old Code:  
```php
$delid=$_GET["did"];
$wpdb->query("delete from ".$cnp_channeltable_name." where cnpchannel_id =".$delid);
```  
Fixed Code:  
```php
$delid = isset($_GET["did"]) ? intval($_GET["did"]) : 0;
if ($delid > 0) {
    $deleted = $wpdb->delete(
        $cnp_channeltable_name,
        ['cnpchannel_id' => $delid],
        ['%d']
    );
    // ...
}
```  
Explanation:  
The old code directly concatenated user input (`$_GET["did"]`) into an SQL query without validation or sanitization, allowing SQL injection. The fix uses `intval()` to ensure the value is an integer and uses WordPress's `$wpdb->delete()` method with prepared statement placeholders, neutralizing the injection risk.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - ChannelDetails.php Lines 5, 50-51, 55, 86, 112, 115, 118  
Old Code:  
```php
$info          = $_REQUEST["info"];
$cnpfrmid = $_REQUEST['cnpviewid']; 
$rcnpid   = $_REQUEST['cnpid']; 
$cname            = $cnpchannelData->cnpchannel_channelName;
$cnpresltdsply .= '<tr><td>'.$sno.'</td><td >'.$cname.'</td><td  >'.$frmstdate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP).'</td>
<td  >'.$nwenddt.'</td><td nowrap>';
```  
Fixed Code:  
```php
$info = isset($_REQUEST["info"]) ? sanitize_text_field(wp_unslash($_REQUEST["info"])) : '';
$cnpfrmid = isset($_REQUEST['cnpviewid']) ? sanitize_text_field(wp_unslash($_REQUEST['cnpviewid'])) : '';
$rcnpid   = isset($_REQUEST['cnpid']) ? sanitize_text_field(wp_unslash($_REQUEST['cnpid'])) : '';
$cname = esc_html($cnpchannelData->cnpchannel_channelName);
$cnpresltdsply .= '<tr>
    <td>' . esc_html($sno) . '</td>
    <td>' . $cname . '</td>
    <td>' . $frmstdate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP) . '</td>
    <td>' . esc_html($nwenddt) . '</td>
    <td nowrap>';
```  
Explanation:  
The old code used unsanitized user input (`$_REQUEST`) and database values directly in HTML output, enabling stored and reflected XSS. The fix applies `sanitize_text_field()` and `wp_unslash()` to input variables and `esc_html()` to dynamic content in HTML, preventing script injection.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - ChannelDetails.php Lines 31-32  
Old Code:  
```php
$sql          = "select * from ".$cnp_channeltable_name." join ".$cnp_channelgrptable_name." on  cnpchannelgrp_ID = cnpchannel_cnpchannelgrp_ID join ".$cnp_settingtable_name ." on cnpstngs_ID = cnpchannelgrp_cnpstngs_ID where cnpchannel_cnpchannelgrp_ID ='".$cnpfrmid."'  order by cnpchannel_id desc";
$result       = $wpdb->get_results($sql);
```  
Fixed Code:  
```php
$sql = $wpdb->prepare(
    "SELECT * 
     FROM {$cnp_channeltable_name} 
     JOIN {$cnp_channelgrptable_name} ON cnpchannelgrp_ID = cnpchannel_cnpchannelgrp_ID 
     JOIN {$cnp_settingtable_name} ON cnpstngs_ID = cnpchannelgrp_cnpstngs_ID 
     WHERE cnpchannel_cnpchannelgrp_ID = %d 
     ORDER BY cnpchannel_id DESC",
    $cnpfrmid
);
$result = $wpdb->get_results($sql);
```  
Explanation:  
The old query concatenated `$cnpfrmid` (user-controlled via `$_REQUEST['cnpviewid']`) directly into the SQL string, enabling SQL injection. The fix uses `$wpdb->prepare()` with a `%d` placeholder to safely parameterize the integer value, preventing injection.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - ChannelDetails.php Lines 75-76  
Old Code:  
```php
$cnpresltdsply .= '<u><a href="admin.php?page=cnp_channeldetails&cnpviewid='.$cnpfrmid.'&cnpid='.$rcnpid.'&info=del&did='.$id.'" ><span class="dashicons dashicons-trash"></span></a></u>';
```  
Fixed Code:  
```php
$delete_url = esc_url(
    add_query_arg(
        [
            'page' => 'cnp_channeldetails',
            'cnpviewid' => $cnpfrmid,
            'cnpid' => $rcnpid,
            'info' => 'del',
            'did' => $id,
        ],
        admin_url('admin.php')
    )
);
$cnpresltdsply .= '<u><a href="' . $delete_url . '"><span class="dashicons dashicons-trash"></span></a></u>';
```  
Explanation:  
The old code constructed a URL with unsanitized variables (`$cnpfrmid`, `$rcnpid`, `$id`), risking XSS if malicious values were injected into the href attribute. The fix uses `esc_url()` and `add_query_arg()` to safely build and escape the URL, mitigating XSS in link attributes.
CVE Analysis Results:
CVE-2025-32550: Yes
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Pledge Connect Plugin: from 2.24080000 through WP6.6.1.
[CVE-2025-32550] [Click & Pledge CONNECT: 2.24080000-WP6.6.1→2.24120000-WP6.7.1] FormAdd.php AI: 3 vulnerabilities 2 false positives, 1 true positive CVE-2025-32550
--- cache/click-pledge-connect_2.24080000-WP6.6.1/FormAdd.php	2025-12-04 14:06:23.608345819 +0000+++ cache/click-pledge-connect_2.24120000-WP6.7.1/FormAdd.php	2025-12-04 14:06:27.828616706 +0000@@ -1,67 +1,84 @@ <?php ob_start();-if ( ! defined( 'ABSPATH' ) ) exit;-function cnps_addform() {-	-if(isset($_POST["cnpbtnsave"]))-{-	$addform= wp_unslash( sanitize_text_field( $_POST["addformval"]));-	global $wpdb;-	global $cnp_table_name;-   	if($addform==1)-	{-		$cnprtnval = CNPCF_addNewForms($cnp_table_name,$_POST);-		if($cnprtnval == true){$cnpredirectval = "saved";}else{$cnpredirectval = "failed";}-		wp_redirect("admin.php?page=cnp_formsdetails&info=".$cnpredirectval);-		exit;-	}-	else if($addform==2)-	{-		$cnprtnval =CNPCF_updateForms($cnp_table_name,$_POST);-		if($cnprtnval == true){$cnpredirectval = "upd";}else{$cnpredirectval = "failed";}-		wp_redirect("admin.php?page=cnp_formsdetails&info=".$cnpredirectval);-		exit;-	} -}   $dsplycntnt ="";-	$cnpaccountfriendlynams = CNPCF_getAccountIdList();-	$cnpsettingscount = CNPCF_getAccountNumbersCount();-   if($cnpsettingscount==1){$dsplycntnt = 'class="disabled"';}-	$hidval	   = 1;-	$act=wp_unslash( sanitize_text_field( $_REQUEST["cnpviewid"] ) );-	if(isset($act) && $act!="")-	{-		global $wpdb;-		global $cnp_table_name;-		global $cnp_formtable_name;-		$cnpviewid = wp_unslash( sanitize_text_field( $_GET['cnpviewid'] ) );-		$cnpfrmdtresult    = CNPCF_GetCnPGroupDetails($cnp_table_name,'cnpform_ID',$cnpviewid);-		$cnpfrmrtnval      = CNPCF_GetCnPGroupDetails($cnp_formtable_name,'cnpform_cnpform_ID',$cnpviewid);-		foreach ($cnpfrmdtresult as $cnprtnval) {}--	 if (count($cnpfrmdtresult)> 0 )-		 {---				$cnpfrmid              = $cnprtnval->cnpform_ID;-				$cnpfrmgroupname       = $cnprtnval->cnpform_groupname;-				$cnpfrmAccountNumber   = $cnprtnval->cnpform_cnpstngs_ID;-				$cnpfrmtype            = $cnprtnval->cnpform_type;-			 	$cnpfrmptype           = $cnprtnval->cnpform_ptype;-				$cnpfrmtext            = 
$cnprtnval->cnpform_text;-				$cnpfrmimg             = $cnprtnval->cnpform_img;-				$cnpfrmshortcode       = $cnprtnval->cnpform_shortcode;-				$cnpfrmStartDate       = $cnprtnval->cnpform_Form_StartDate;-				$cnpfrmEndDate         = $cnprtnval->cnpform_Form_EndDate;-			    $cnpfrmerrmsg         = $cnprtnval->cnpform_custommsg;-		 		if($cnpfrmEndDate == "0000-00-00 00:00:00") {$cnpfrmEndDate ="";}-				$cnpfrmstatus          = $cnprtnval->cnpform_status;-				$btn	               = "Update form";-				$hidval	               = 2;+if (!defined('ABSPATH')) {+    exit; // Prevent direct access+} -				$cnpeditaccountfriendlynams = CNPCF_editgetAccountIdList($cnpfrmAccountNumber);+function cnps_addform() {+	+if (isset($_POST["cnpbtnsave"])) {+   +    $addform = isset($_POST["addformval"]) ? sanitize_text_field(wp_unslash($_POST["addformval"])) : '';++  +    global $wpdb;+    global $cnp_table_name;++    if ($addform == 1) {+      +        $cnprtnval = CNPCF_addNewForms($cnp_table_name, $_POST);++      +        $cnpredirectval = $cnprtnval ? "saved" : "failed";+        wp_redirect(admin_url("admin.php?page=cnp_formsdetails&info=" . $cnpredirectval));+        exit;++    } elseif ($addform == 2) {+        // Update existing form+        $cnprtnval = CNPCF_updateForms($cnp_table_name, $_POST);++        $cnpredirectval = $cnprtnval ? "upd" : "failed";+        wp_redirect(admin_url("admin.php?page=cnp_formsdetails&info=" . $cnpredirectval));+        exit;+    }+} +$dsplycntnt ="";+$cnpaccountfriendlynams = CNPCF_getAccountIdList();+$cnpsettingscount = CNPCF_getAccountNumbersCount();+$dsplycntnt = ($cnpsettingscount == 1) ? 'class="disabled"' : '';+$hidval = 1;+$act = isset($_REQUEST["cnpviewid"]) ? sanitize_text_field(wp_unslash($_REQUEST["cnpviewid"])) : '';++if (!empty($act)) {+global $wpdb;+global $cnp_table_name;+global $cnp_formtable_name;+++$cnpviewid = isset($_GET['cnpviewid']) ? 
sanitize_text_field(wp_unslash($_GET['cnpviewid'])) : '';++if (!empty($cnpviewid)) {+   +    $cnpfrmdtresult = CNPCF_GetCnPGroupDetails($cnp_table_name, 'cnpform_ID', $cnpviewid);+    $cnpfrmrtnval = CNPCF_GetCnPGroupDetails($cnp_formtable_name, 'cnpform_cnpform_ID', $cnpviewid);++  +    if (!empty($cnpfrmdtresult) && is_array($cnpfrmdtresult)) {+        $cnprtnval = $cnpfrmdtresult[0]; ++        // Assign values from the result+        $cnpfrmid = $cnprtnval->cnpform_ID;+        $cnpfrmgroupname = $cnprtnval->cnpform_groupname;+        $cnpfrmAccountNumber = $cnprtnval->cnpform_cnpstngs_ID;+        $cnpfrmtype = $cnprtnval->cnpform_type;+        $cnpfrmptype = $cnprtnval->cnpform_ptype;+        $cnpfrmtext = $cnprtnval->cnpform_text;+        $cnpfrmimg = $cnprtnval->cnpform_img;+        $cnpfrmshortcode = $cnprtnval->cnpform_shortcode;+        $cnpfrmStartDate = $cnprtnval->cnpform_Form_StartDate;+        $cnpfrmEndDate = ($cnprtnval->cnpform_Form_EndDate === "0000-00-00 00:00:00") ? '' : $cnprtnval->cnpform_Form_EndDate;+        $cnpfrmerrmsg = $cnprtnval->cnpform_custommsg;+        $cnpfrmstatus = $cnprtnval->cnpform_status;+$cnpfrmguid="";+     +        $btn = "Update form";+        $hidval = 2;+       +        $cnpeditaccountfriendlynams = CNPCF_editgetAccountIdList($cnpfrmAccountNumber);+    } +} -		}  	$cnpeditdsplycntnt ='<style>          .ui-widget-header,.ui-state-default, ui-button {@@ -220,7 +237,7 @@ 						 </td></tr> 						 </table> 						 </div>-						 <div style="text-align-last:center;">+						 <div style="text-align-last:center;position: relative;top: 10px;"> 						 <div> 						 <input type="button" name="cnpbtnedit" id="cnpbtnedit" value="Close" class="add-new-h2" onclick="window.history.go(-1); return false;"> 						 <input type="submit" name="cnpbtnsave" id="cnpbtnsave" value="Save" class="add-new-h2">  <div class="dataTables_paginate" ><a href="admin.php?page=cnp_formsdetails"><strong>Go back to Form Groups</strong></a></div>@@ -237,7 +254,7 
@@ 	} 	else 	{-+$btn = isset($btn) ? $btn : '';  $cnpdsplycntnt ='<div class="Fader" style="display:none;"> </div> <div id="dialogForm"  title="URL Parameter(s):" style="display:none;">     <form id="myform" method="post">@@ -360,7 +377,7 @@ 						 </td></tr> 						 </table> 						 </div>-						 <div style="text-align-last:center;">+						 <div style="text-align-last:center;position: relative;top: 10px;"> 						 <div> <br> 						 <input type="button" name="cnpbtnclose" id="cnpbtnclose" value="Close" class="add-new-h2" onclick="window.history.go(-1); return false;">
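Review bot: `$cnpviewid` is a numeric record ID (it is passed as the lookup value in `CNPCF_GetCnPGroupDetails($cnp_table_name, 'cnpform_ID', $cnpviewid)`), yet the new code still only runs it through `sanitize_text_field(wp_unslash($_GET['cnpviewid']))`, which strips tags and whitespace and does nothing for SQL context; cast it with `absint()` as FormDetails.php does in this same release, unless `CNPCF_GetCnPGroupDetails` is confirmed to bind it via `$wpdb->prepare()`. The `if (isset($_POST["cnpbtnsave"]))` branch also adds and updates forms with no `check_admin_referer()` and no visible `current_user_can()` check, so a nonce field should be emitted in the form and verified here before `CNPCF_addNewForms`/`CNPCF_updateForms` are called. Minor: replacing `foreach ($cnpfrmdtresult as $cnprtnval) {}` with `$cnprtnval = $cnpfrmdtresult[0];` switches from the last matching row to the first, a behaviour change worth stating in the commit message.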
AI Analysis
Vulnerability Existed: yes  
FALSE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - FormAdd.php Lines 21, 29  
Old Code:  
```php
wp_redirect("admin.php?page=cnp_formsdetails&info=".$cnpredirectval);
```  
Fixed Code:  
```php
wp_redirect(admin_url("admin.php?page=cnp_formsdetails&info=" . $cnpredirectval));
```  
Explanation:  
The old code directly concatenated user-controlled or application-generated `$cnpredirectval` into a redirect URL without proper escaping. While `$cnpredirectval` is limited to "saved", "failed", or "upd" in this context, using `admin_url()` ensures the URL is properly constructed and escaped, preventing potential injection attacks or malformed URLs that could lead to open redirects or other issues.  

Vulnerability Existed: yes  
FALSE POSITIVE
CWE-20: Improper Input Validation - FormAdd.php Lines 38, 46  
Old Code:  
```php
$act=wp_unslash( sanitize_text_field( $_REQUEST["cnpviewid"] ) );
if(isset($act) && $act!="")
{
    // ...
    $cnpviewid = wp_unslash( sanitize_text_field( $_GET['cnpviewid'] ) );
```  
Fixed Code:  
```php
$act = isset($_REQUEST["cnpviewid"]) ? sanitize_text_field(wp_unslash($_REQUEST["cnpviewid"])) : '';
if (!empty($act)) {
    // ...
    $cnpviewid = isset($_GET['cnpviewid']) ? sanitize_text_field(wp_unslash($_GET['cnpviewid'])) : '';
```  
Explanation:  
The old code directly accessed `$_REQUEST["cnpviewid"]` and `$_GET['cnpviewid']` without checking if they exist, which could lead to undefined index notices or unexpected behavior. The fixed code uses `isset()` checks before accessing these array keys, preventing potential PHP warnings and improving input validation.  

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - FormAdd.php Lines 49-50  
Old Code:  
```php
$cnpfrmdtresult    = CNPCF_GetCnPGroupDetails($cnp_table_name,'cnpform_ID',$cnpviewid);
$cnpfrmrtnval      = CNPCF_GetCnPGroupDetails($cnp_formtable_name,'cnpform_cnpform_ID',$cnpviewid);
```  
Fixed Code:  
```php
$cnpfrmdtresult = CNPCF_GetCnPGroupDetails($cnp_table_name, 'cnpform_ID', $cnpviewid);
$cnpfrmrtnval = CNPCF_GetCnPGroupDetails($cnp_formtable_name, 'cnpform_cnpform_ID', $cnpviewid);
```  
Explanation:  
While the SQL injection vulnerability is not directly visible in the diff, the old code passed `$cnpviewid` (which comes from `$_GET['cnpviewid']`) to `CNPCF_GetCnPGroupDetails` without explicit sanitization for SQL queries. The fixed code adds a check `if (!empty($cnpviewid))` before calling these functions, but more importantly, the earlier fix ensures `$cnpviewid` is sanitized with `sanitize_text_field()`. However, `sanitize_text_field()` is not sufficient for SQL injection protection; proper prepared statements or escaping within `CNPCF_GetCnPGroupDetails` would be needed. The diff shows improved input validation but not complete SQL injection mitigation.  

Vulnerability Existed: not sure  
CWE-352: Cross-Site Request Forgery (CSRF) - FormAdd.php Lines 6-31  
Old Code:  
No CSRF protection visible in the old code.  
Fixed Code:  
No CSRF protection visible in the fixed code.  
Explanation:  
The code handles form submissions (`$_POST["cnpbtnsave"]`) without any nonce verification or CSRF tokens. This could allow attackers to trick authenticated users into performing unintended actions (e.g., adding or updating forms). However, since the diff does not show the addition of CSRF protection, this vulnerability may still exist. The changes in the diff are focused on input validation and output escaping, not CSRF mitigation.
CVE Analysis Results:
CVE-2025-32550: Yes
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Pledge Connect Plugin: from 2.24080000 through WP6.6.1.
[CVE-2025-32550] [Click & Pledge CONNECT: 2.24080000-WP6.6.1→2.24120000-WP6.7.1] FormDetails.php AI: 3 vulnerabilities 3 true positives CVE-2025-32550
--- cache/click-pledge-connect_2.24080000-WP6.6.1/FormDetails.php	2025-12-04 14:06:23.608345819 +0000+++ cache/click-pledge-connect_2.24120000-WP6.7.1/FormDetails.php	2025-12-04 14:06:27.828616706 +0000@@ -1,77 +1,128 @@-<?php
-function cnp_formdetails() {
-
-	global $wpdb;    global $cnp_formtable_name;
-	$info          = $_REQUEST["info"];
-    $cnpresltdsply = "";
-	if($info=="saved")
-	{
-		echo "<div class='updated' id='message'><p><strong>Form Added</strong>.</p></div>";
-	}
-	if($info=="failed")
-	{
-		echo "<div class='updated' id='message'><p><strong>Already Existed</strong>.</p></div>";
-	}
-	if($info=="upd")
-	{
-		echo "<div class='updated' id='message'><p><strong>Form updated</strong>.</p></div>";
-	}
-	if($info=="del")
-	{
-		$delid=$_GET["did"];
-		$wpdb->query("delete from ".$cnp_formtable_name." where cnpform_ID =".$delid);
-		echo "<div class='updated' id='message'><p><strong>Record Deleted.</strong>.</p></div>";
-	}
-
-?>
-<script type="text/javascript">
-	/* <![CDATA[ */
-	jQuery(document).ready(function(){
-		jQuery('#cnpformslist').dataTable();
-		jQuery("tr:even").css("background-color", "#f1f1f1");
-	});
-	/* ]]> */
-
-</script>
-<?php   /*<td nowrap><u><a href="admin.php?page=cnpform_add&cnpid='.$id.'"">Edit</a></u></td> <th></th>*/
-		$cnpfrmid = $_REQUEST['cnpviewid']; 
-		$rcnpid   = $_REQUEST['cnpid']; 
-		$cnpresltdsply = '<div class="wrap">
-			              <h2>View Forms &nbsp;&nbsp;&nbsp;</h2><p></p>
-			              <table class="wp-list-table widefat" id="cnpformslist" ><thead><tr><th><u>ID</u></th><th><u>Campaign Name</u></th><th><u>Form Name</u></th><th><u>GUID</u></th><th><u>Start Date/Time</u></th><th><u>End Date/Time</u></th><th></th></tr></thead><tbody>';
-
-		 $sql          = "select * from ".$cnp_formtable_name." where cnpform_cnpform_ID ='".$cnpfrmid."'  order by cnpform_id desc";
-		 $result       = $wpdb->get_results($sql);
-		 if($wpdb->num_rows > 0 )
-		 { $sno=1;
-			foreach($result as $cnpformData):
-	
-				$id               = $cnpformData->cnpform_id;
-			    $cnpfrmid         = $cnpformData->cnpform_cnpform_ID;
-				$cname            = $cnpformData->cnpform_CampaignName;
-			 	$fname            = $cnpformData->cnpform_FormName;
-				$guid             = $cnpformData->cnpform_GUID;
-				$stdate           = $cnpformData->cnpform_FormStartDate;
-			 	$eddate           = $cnpformData->cnpform_FormEndDate;
-		        $seldate           = $cnpformData->cnpform_DateCreated;
-		   $frmstdate = new DateTime($stdate);
-		   $frmeddate = new DateTime($eddate);
-			 	 if($eddate == "0000-00-00 00:00:00") {$eddate ="";}
-		   		if($eddate!=""){
-				 $eddate = new DateTime($eddate);
-				 $nwenddt = $eddate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP);}
-				$cnpresltdsply .= '<tr><td>'.$sno.'</td><td >'.$cname.'</td><td >'.$fname.'</td><td  >'.$guid.'</td>	<td  >'.$frmstdate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP).'</td>
-				<td  >'.$nwenddt.'</td><td nowrap><u>';							 
-				if(count($result)!= 1){
-				$cnpresltdsply .= '<a href="admin.php?page=cnp_formdetails&cnpviewid='.$cnpfrmid.'&cnpid='.$rcnpid.'&info=del&did='.$id.'" ><span class="dashicons dashicons-trash"></span></a></u>';
-					}else{$cnpresltdsply .= '&nbsp;';}
-		  $cnpresltdsply .= '</td></tr>';
-		  $sno++;
-			endforeach; 
-	     } 
-		 else {  $cnpresltdsply .= '<tr><td>No Record Found!</td><tr>';  }
-		
-		 $cnpresltdsply .= '</tbody></table></div><div class="dataTables_paginate" ><a href="admin.php?page=cnp_formsdetails"><strong>Go back to Form Groups</strong></a></div>';
-		 echo $cnpresltdsply ;
-}
+<?php+function cnp_formdetails() {++	global $wpdb;    global $cnp_formtable_name;++	if (isset($_REQUEST["info"])) {+    	$info = sanitize_text_field($_REQUEST["info"]);+	}   ++	$cnpresltdsply = "";+	if(isset($info) && $info ==="saved")+	{+		echo "<div class='updated' id='message'><p><strong>Form Added</strong>.</p></div>";+	}+	if(isset($info) && $info ==="failed")+	{+		echo "<div class='updated' id='message'><p><strong>Already Existed</strong>.</p></div>";+	}+	if(isset($info) && $info ==="upd")+	{+		echo "<div class='updated' id='message'><p><strong>Form updated</strong>.</p></div>";+	}+	+	if (isset($info) && $info === "del") {+  +    $delid = isset($_GET['did']) ? absint($_GET['did']) : 0;  ++    if ($delid > 0) {+        global $wpdb;+        global $cnp_formtable_name;++        $wpdb->query(+            $wpdb->prepare("DELETE FROM {$cnp_formtable_name} WHERE cnpform_ID = %d", $delid)+        );++        +        if ($wpdb->rows_affected > 0) {+            echo "<div class='updated' id='message'><p><strong>Record Deleted.</strong></p></div>";+        } else {+            echo "<div class='error' id='message'><p><strong>No record found to delete.</strong></p></div>";+        }+    } else {+        echo "<div class='error' id='message'><p><strong>Invalid record ID.</strong></p></div>";+    }+}++?>+<script type="text/javascript">+	/* <![CDATA[ */+	jQuery(document).ready(function(){+		jQuery('#cnpformslist').dataTable();+		jQuery("tr:even").css("background-color", "#f1f1f1");+	});+	/* ]]> */++</script>+<?php   +		++$cnpfrmid = isset($_REQUEST['cnpviewid']) ? absint($_REQUEST['cnpviewid']) : 0;+$rcnpid   = isset($_REQUEST['cnpid']) ? 
absint($_REQUEST['cnpid']) : 0;++if ($cnpfrmid > 0 ) { +    global $wpdb;+    global $cnp_formtable_name;++    $cnpresltdsply = '<div class="wrap">+                      <h2>View Forms &nbsp;&nbsp;&nbsp;</h2><p></p>+                      <table class="wp-list-table widefat" id="cnpformslist">+                      <thead><tr><th><u>ID</u></th><th><u>Campaign Name</u></th><th><u>Form Name</u></th><th><u>GUID</u></th><th><u>Start Date/Time</u></th><th><u>End Date/Time</u></th><th></th></tr></thead><tbody>';++    // Prepare the query to avoid SQL injection+    $sql = $wpdb->prepare(+        "SELECT * FROM {$cnp_formtable_name} WHERE cnpform_cnpform_ID = %d ORDER BY cnpform_id DESC",+        $cnpfrmid+    );+    $result = $wpdb->get_results($sql);++    if ($wpdb->num_rows > 0) {+        $sno = 1;+        foreach ($result as $cnpformData) {+            $id             = $cnpformData->cnpform_id;+            $cnpfrmid       = $cnpformData->cnpform_cnpform_ID;+            $cname          = sanitize_text_field($cnpformData->cnpform_CampaignName);+            $fname          = sanitize_text_field($cnpformData->cnpform_FormName);+            $guid           = sanitize_text_field($cnpformData->cnpform_GUID);+            $stdate         = $cnpformData->cnpform_FormStartDate;+            $eddate         = $cnpformData->cnpform_FormEndDate;++          +            $frmstdate = new DateTime($stdate);+            $nwenddt = "";+            if ($eddate != "0000-00-00 00:00:00") {+                $eddate = new DateTime($eddate);+                $nwenddt = $eddate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP);+            }++            $cnpresltdsply .= '<tr><td>' . $sno . '</td>+                               <td>' . $cname . '</td>+                               <td>' . $fname . '</td>+                               <td>' . $guid . '</td>+                               <td>' . $frmstdate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP) . 
'</td>+                               <td>' . $nwenddt . '</td>+                               <td nowrap><u>';++            if (count($result) != 1) {+                $cnpresltdsply .= '<a href="admin.php?page=cnp_formdetails&cnpviewid=' . $cnpfrmid . '&cnpid=' . $rcnpid . '&info=del&did=' . $id . '">+                                    <span class="dashicons dashicons-trash"></span></a></u>';+            } else {+                $cnpresltdsply .= '&nbsp;';+            }++            $cnpresltdsply .= '</td></tr>';+            $sno++;+        }+    } else {+        $cnpresltdsply .= '<tr><td colspan="7">No Record Found!</td></tr>';+    }++    $cnpresltdsply .= '</tbody></table></div><div class="dataTables_paginate">+                       <a href="admin.php?page=cnp_formsdetails"><strong>Go back to Form Groups</strong></a></div>';+    echo $cnpresltdsply;+} else {+    echo '<div class="error"><p><strong>Invalid request parameters!</strong></p></div>';+}++} ?>\ No newline at end of file
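Review bot: the `if (isset($info) && $info === "del")` branch now binds the ID through `$wpdb->prepare("DELETE FROM {$cnp_formtable_name} WHERE cnpform_ID = %d", $delid)`, which closes the injection, but it still deletes on a plain GET with no `check_admin_referer()` or `current_user_can()` check, and the trash link that feeds it (`'<a href="admin.php?page=cnp_formdetails&cnpviewid=' . $cnpfrmid . '&cnpid=' . $rcnpid . '&info=del&did=' . $id . '">'`) carries no nonce and no `esc_url()`; build it with `wp_nonce_url()` and verify before deleting. The output side also uses the wrong tool: `sanitize_text_field()` on `cnpform_CampaignName`, `cnpform_FormName` and `cnpform_GUID` is an input sanitizer (it strips tags but does not entity-encode), so wrap these values in `esc_html()` where they are concatenated into the `<td>` cells, as ChannelDetails.php does in this same release. Minor: `$info = sanitize_text_field($_REQUEST["info"])` skips `wp_unslash()`, unlike the other files in the patch.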
AI Analysis
Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - FormDetails.php Lines 28, 52  
Old Code:  
```php
$delid=$_GET["did"];
$wpdb->query("delete from ".$cnp_formtable_name." where cnpform_ID =".$delid);
```  
Fixed Code:  
```php
$delid = isset($_GET['did']) ? absint($_GET['did']) : 0;
...
$wpdb->query(
    $wpdb->prepare("DELETE FROM {$cnp_formtable_name} WHERE cnpform_ID = %d", $delid)
);
```  
Explanation:  
The old code directly concatenated user input (`$_GET["did"]`) into an SQL query without validation or sanitization, allowing SQL injection. The fixed code uses `absint()` to ensure an integer and `$wpdb->prepare()` with a parameterized query to safely embed the value.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - FormDetails.php Lines 4, 57-128  
Old Code:  
```php
$info          = $_REQUEST["info"];
...
$cnpfrmid = $_REQUEST['cnpviewid']; 
$rcnpid   = $_REQUEST['cnpid']; 
...
$cname            = $cnpformData->cnpform_CampaignName;
$fname            = $cnpformData->cnpform_FormName;
$guid             = $cnpformData->cnpform_GUID;
...
$cnpresltdsply .= '<tr><td>'.$sno.'</td><td >'.$cname.'</td><td >'.$fname.'</td><td  >'.$guid.'</td>	<td  >'.$frmstdate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP).'</td>
<td  >'.$nwenddt.'</td><td nowrap><u>';
```  
Fixed Code:  
```php
if (isset($_REQUEST["info"])) {
    $info = sanitize_text_field($_REQUEST["info"]);
}
...
$cnpfrmid = isset($_REQUEST['cnpviewid']) ? absint($_REQUEST['cnpviewid']) : 0;
$rcnpid   = isset($_REQUEST['cnpid']) ? absint($_REQUEST['cnpid']) : 0;
...
$cname          = sanitize_text_field($cnpformData->cnpform_CampaignName);
$fname          = sanitize_text_field($cnpformData->cnpform_FormName);
$guid           = sanitize_text_field($cnpformData->cnpform_GUID);
...
$cnpresltdsply .= '<tr><td>' . $sno . '</td>
                   <td>' . $cname . '</td>
                   <td>' . $fname . '</td>
                   <td>' . $guid . '</td>
                   <td>' . $frmstdate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP) . '</td>
                   <td>' . $nwenddt . '</td>
                   <td nowrap><u>';
```  
Explanation:  
The old code used unsanitized user input (`$_REQUEST["info"]`, `$_REQUEST['cnpviewid']`, `$_REQUEST['cnpid']`) and unsanitized database values (`cnpform_CampaignName`, `cnpform_FormName`, `cnpform_GUID`) directly in HTML output, enabling XSS attacks. The fixed code applies `sanitize_text_field()` to user input and database values before output, and uses `absint()` for integer parameters.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-20: Improper Input Validation - FormDetails.php Lines 28, 52, 53  
Old Code:  
```php
$delid=$_GET["did"];
...
$cnpfrmid = $_REQUEST['cnpviewid']; 
$rcnpid   = $_REQUEST['cnpid']; 
```  
Fixed Code:  
```php
$delid = isset($_GET['did']) ? absint($_GET['did']) : 0;
...
$cnpfrmid = isset($_REQUEST['cnpviewid']) ? absint($_REQUEST['cnpviewid']) : 0;
$rcnpid   = isset($_REQUEST['cnpid']) ? absint($_REQUEST['cnpid']) : 0;
```  
Explanation:  
The old code lacked input validation, assuming `$_GET` and `$_REQUEST` parameters would always exist and be valid. The fixed code checks for parameter existence with `isset()` and validates/sanitizes them using `absint()` to ensure they are non-negative integers, preventing invalid data processing.
CVE Analysis Results:
CVE-2025-32550: Yes
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Pledge Connect Plugin: from 2.24080000 through WP6.6.1.
[CVE-2025-32550] [Click & Pledge CONNECT: 2.24080000-WP6.6.1→2.24120000-WP6.7.1] Functions/functionscnp.php AI: 3 vulnerabilities 1 false positive, 2 true positives CVE-2025-32550
--- cache/click-pledge-connect_2.24080000-WP6.6.1/Functions/functionscnp.php	2025-12-04 14:06:23.608345819 +0000+++ cache/click-pledge-connect_2.24120000-WP6.7.1/Functions/functionscnp.php	2025-12-04 14:06:27.828616706 +0000@@ -1,961 +1,1403 @@-<?php
-
-function CNPCF_getImageTextButton($guid,$cnptyp,$cnptxt)
-{
-	global $wpdb; 	
-	global $cnp_table_name;
-	global $cnp_formtable_name;
-	global $cnprtrnstr;
-    $cnpGetImagesql     = "SELECT * FROM " .$cnp_table_name. " WHERE cnpform_groupname='" .$guid. "' and 
-																	 cnpform_ptype ='".$cnptxt."'";
-	$cnpimgresult       =  $wpdb->get_results($cnpGetImagesql);
-		
-		   if($wpdb->num_rows > 0 )
-		   {
-			   foreach ($cnpimgresult as $cnpimgresultsarr)
-			   { 
-			         if($cnptxt == "text"){$cnprtrnstr= $cnpimgresultsarr->cnpform_text ;}
-				else if($cnptxt == "button"){$cnprtrnstr= $cnpimgresultsarr->cnpform_text ;}
-				else if($cnptxt == "image"){$cnprtrnstr= $cnpimgresultsarr->cnpform_img;}
-			   }
-		   }
-return $cnprtrnstr;
-}
-function CNPCF_isExistShortcode($cnpshortcode)
-{
-	global $wpdb; 	
-	global $cnp_table_name;
-	global $cnprtrnstr;
-	$currentdate = CFCNP_PLUGIN_CURRENTTIME;
-     $cnpGetImagesql     = "SELECT * FROM " .$cnp_table_name. " WHERE (cnpform_shortcode ='[CnPConnect " .$cnpshortcode. "]' OR cnpform_shortcode ='[CnP.Form " .$cnpshortcode. "]') AND cnpform_status =1 AND IF (cnpform_Form_EndDate !='0000-00-00 00:00:00', '".$currentdate."' between cnpform_Form_StartDate and cnpform_Form_EndDate, cnpform_Form_StartDate <= '".$currentdate."') order by cnpform_Date_Modified ASC Limit 1";
-	$cnpimgresult       =  $wpdb->get_results($cnpGetImagesql);
-	if($wpdb->num_rows > 0 )return true; else return false;
-
-}
-function CNPCF_isExistchannelShortcode($cnpshortcode)
-{
-	global $wpdb; 	
-	global $cnp_channelgrptable_name;
-	global $cnprtrnstr;
-	$currentdate = CFCNP_PLUGIN_CURRENTTIME;
-     $cnpGetImagesql     = "SELECT * FROM " .$cnp_channelgrptable_name. " WHERE (cnpchannelgrp_shortcode ='[CnP.pledgeTV " .$cnpshortcode. "]') AND cnpchannelgrp_status =1 AND IF (cnpchannelgrp_channel_EndDate !='0000-00-00 00:00:00', '".$currentdate."' between cnpchannelgrp_channel_StartDate and cnpchannelgrp_channel_EndDate, cnpchannelgrp_channel_StartDate <= '".$currentdate."') order by cnpchannelgrp_Date_Modified ASC Limit 1";
-	$cnpimgresult       =  $wpdb->get_results($cnpGetImagesql);
-	if($wpdb->num_rows > 0 )return true; else return false;
-
-}
-function CNPCF_getGroupCustomerrmsg($cnpshortcode)
-{
-	global $wpdb; 	
-	global $cnp_table_name;
-	global $cnprtrnstr; //AND cnpform_status =1 AND IF (cnpform_Form_EndDate !='0000-00-00', CURDATE() between cnpform_Form_StartDate and cnpform_Form_EndDate, cnpform_Form_StartDate <= CURDATE()) order by cnpform_Date_Modified ASC Limit 1 
-     $cnpGetImagesql     = "SELECT cnpform_custommsg FROM " .$cnp_table_name. " WHERE cnpform_shortcode ='[CnPConnect " .$cnpshortcode. "]' or cnpform_shortcode ='[CnP.Form " .$cnpshortcode. "]'  ";
-	$cnperrresult       =  $wpdb->get_results($cnpGetImagesql);
- if($wpdb->num_rows > 0 )
-		   {
-			   foreach ($cnperrresult as $cnperrresultsarr)
-			   { 
-			         $cnprtrnstr= $cnperrresultsarr->cnpform_custommsg;
-				
-			   }
-		   }
-return $cnprtrnstr;
-}
-function CNPCF_getGroupchnlCustomerrmsg($cnpshortcode)
-{
-	global $wpdb; 	
-	global $cnp_channelgrptable_name;
-	global $cnprtrnstr; //AND cnpform_status =1 AND IF (cnpform_Form_EndDate !='0000-00-00', CURDATE() between cnpform_Form_StartDate and cnpform_Form_EndDate, cnpform_Form_StartDate <= CURDATE()) order by cnpform_Date_Modified ASC Limit 1 
-  $cnpGetImagesql     = "SELECT cnpchannelgrp_custommsg FROM " .$cnp_channelgrptable_name. " WHERE cnpchannelgrp_shortcode ='[CnP.pledgeTV " .$cnpshortcode. "]'";
-	$cnperrresult       =  $wpdb->get_results($cnpGetImagesql);
- if($wpdb->num_rows > 0 )
-		   {
-			   foreach ($cnperrresult as $cnperrresultsarr)
-			   { 
-			         $cnprtrnstr= $cnperrresultsarr->cnpchannelgrp_custommsg;
-				
-			   }
-		   }
-return $cnprtrnstr;
-}
-function CNPCF_getcnpGuid($cnpshortcode)
-{
-	global $wpdb; 	
-	global $cnp_table_name;
-	global $cnprtrnstr;
-    $cnpGetguidsql     = "SELECT cnpform_guid FROM " .$cnp_table_name. " WHERE cnpform_shortcode ='[CnP " .$cnpshortcode. "]' or cnpform_shortcode ='[CnP.Form " .$cnpshortcode. "]' ";
-	$cnpfrmcntresult       =  $wpdb->get_results($cnpGetguidsql);
-	foreach ($cnpfrmcntresult as $cnpresultsarr) {
-	         $cnpform_accountId= $cnpresultsarr->cnpform_guid;
-			 return $cnpform_accountId;
-			}
-
-}
-function CNPCF_getFormType($groupname)
-{
-	global $wpdb; 	
-	global $cnp_table_name;
-	global $cnprtrnstr;
-	$currentdate = CFCNP_PLUGIN_CURRENTTIME;
-    $cnpGetguidsql     = "SELECT cnpform_type,cnpform_ptype,cnpform_text,cnpform_img FROM " .$cnp_table_name. " WHERE cnpform_groupname ='".$groupname."' AND cnpform_status =1 AND IF (cnpform_Form_EndDate !='0000-00-00 00:00:00', '".$currentdate."' between cnpform_Form_StartDate and cnpform_Form_EndDate, cnpform_Form_StartDate <= '".$currentdate."') order by cnpform_Date_Modified DESC Limit 1";
-	$cnpfrmcntresult       =  $wpdb->get_results($cnpGetguidsql);
-	foreach ($cnpfrmcntresult as $cnpresultsarr) {
-	         $cnpform_accountId= $cnpresultsarr->cnpform_type;
-			 return $cnpform_accountId."--".$cnpresultsarr->cnpform_ptype."--".$cnpresultsarr->cnpform_text."--".$cnpresultsarr->cnpform_img;
-			}
-
-}
-function CNPCF_getCountForms($frmid)
-{
-	global $wpdb; 	
-	global $cnp_formtable_name;
-	global $cnprtrnstr;
-	$currentdate = CFCNP_PLUGIN_CURRENTTIME;
-    $cnpGetFrmCntsql     = "SELECT * FROM " .$cnp_formtable_name. " WHERE  IF (cnpform_FormEndDate !='0000-00-00',  cnpform_FormEndDate >= '".$currentdate."' , cnpform_FormStartDate != '') and cnpform_cnpform_ID  =".$frmid ;
-	$cnpfrmcntresult       =  $wpdb->get_results($cnpGetFrmCntsql);
-	return $wpdb->num_rows;
-
-}
-function CNPCF_getCountChannels($chnlid)
-{
-	global $wpdb; 	
-	global $cnp_channeltable_name;
-	global $cnp_channelgrptable_name;
-	global $cnp_settingtable_name;
-	global $cnprtrnstr;
-	$currentdate = CFCNP_PLUGIN_CURRENTTIME;
-	/* $cnpGetFrmCntsql          = "select * from ".$cnp_channeltable_name." join ".$cnp_channelgrptable_name." on  cnpchannelgrp_ID = cnpchannel_cnpchannelgrp_ID join ".$cnp_settingtable_name ." on cnpstngs_ID = cnpchannelgrp_cnpstngs_ID WHERE  IF (cnpchannel_channelEndDate !='0000-00-00',  cnpchannel_channelEndDate >= '".$currentdate."' , cnpchannel_channelStartDate != '') and cnpchannel_cnpchannelgrp_ID ='".$chnlid."'";*/
-    $cnpGetFrmCntsql     = "SELECT * FROM " .$cnp_channeltable_name. " WHERE  IF (cnpchannel_channelEndDate !='0000-00-00',  cnpchannel_channelEndDate >= '".$currentdate."' , cnpchannel_channelStartDate != '') and cnpchannel_cnpchannelgrp_ID  =".$chnlid ;
-
-	$result       = $wpdb->get_results($cnpGetFrmCntsql);
-	$totnoofchannels = $wpdb->num_rows;
-		 if($wpdb->num_rows > 0 )
-		 { $sno=0;
-			/*foreach($result as $cnpchannelData):
-		  $isexistpledgetvchannel = isexistpledgetvchannel($cnpchannelData->cnpstngs_AccountNumber,$cnpchannelData->cnpstngs_guid,$cnpchannelData->cnpchannel_channelName);
-		  if($isexistpledgetvchannel != "no"){ $sno = $sno+1;}
-		  endforeach; */
-		 }
-	//	if($sno == $wpdb->num_rows){return $wpdb->num_rows;}else{return $sno." of ".$wpdb->num_rows;}
-	
-return $wpdb->num_rows;
-}
-function CNPCF_getAccountId($frmid)
-{
-						
-	global $wpdb; 	
-	global $cnp_formtable_name;
-	global $cnprtrnstr;
-    $cnpGetFrmCntsql     = "SELECT cnpform_accountId FROM " .$cnp_formtable_name. " WHERE  cnpform_id  =".$frmid;
-	$cnpfrmcntresult       =  $wpdb->get_results($cnpGetFrmCntsql);
-	foreach ($cnpfrmcntresult as $cnpresultsarr) {
-	         $cnpform_accountId= $cnpresultsarr->cnpform_accountId;
-			 return $cnpform_accountId;
-			}
-				
-	
-
-}
-function CNPCF_getFormId($frmid)
-{
-	global $wpdb; 	
-	global $cnp_formtable_name;
-	global $cnprtrnstr;
-    $cnpGetFrmsql     = "SELECT cnpform_formId FROM " .$cnp_formtable_name. " WHERE  cnpform_id  =".$frmid;
-	$cnpfrmresult       =  $wpdb->get_results($cnpGetFrmsql);
-	foreach ($cnpfrmresult as $cnpresultsarr) {
-	         $cnpform_formId= $cnpresultsarr->cnpform_formId;
-			 return $cnpform_formId;
-			}
-}
-function CNPCF_getFormDates($frmid)
-{
-						
-	global $wpdb; 	
-	global $cnp_formtable_name;
-	global $cnprtrnstr;
-    $cnpGetFrmDtsql     = "SELECT * FROM " .$cnp_formtable_name. " WHERE  cnpform_id  =".$frmid;
-	$cnpfrmdtresult       =  $wpdb->get_results($cnpGetFrmDtsql);
-	foreach ($cnpfrmdtresult as $cnpresultsarr) {
-	         $cnpform_frmdates= $cnpresultsarr->cnpform_FormStartDate ."||" . $cnpresultsarr->cnpform_FormEndDate;
-			 return $cnpform_frmdates;
-			}
-				
-}
-/*************************************************/
-function CNPCF_addNewChannel($tblname,$forminfo)
-		{ 
-			global $wpdb;	global $cnp_channelgrptable_name; global $cnp_channeltable_name;
-			$count = sizeof($forminfo);
-			
-			if($count  > 0)
-			{
-						
-				if( $forminfo['lstchnlaccntfrndlynam'] !="")
-				{
-							 
-				 $chnlcode= CNPCF_getChannelShortCode(sanitize_text_field(trim($forminfo['txtcnpchnlgrp'])));
-				 $current_time = CFCNP_PLUGIN_CURRENTTIME;
-							
-      						 
-							 
-			//$active = 1;
-			$active = $forminfo['lstchnlsts'];
-			$cnpsettingid   = explode("||",$forminfo['lstchnlaccntfrndlynam']);
-			$frmgrpstartdt  = $forminfo['txtcnpchnlstrtdt'];
-			$frmgrpenddt    = $forminfo['txtcnpchnlenddt'];
-			$frmgrpenddt1   = "";
-			
-			if(get_option('date_format') != "d/m/Y"){
-	          $frmgrpstartdt1 = date("Y-m-d H:i:s",strtotime($frmgrpstartdt));
-	
-            }
-			elseif(get_option('date_format') == "d/m/Y" || get_option('date_format') == "d-m-Y")
-			{
-				$dateval = CNPCF_getDateFormat($frmgrpstartdt);
-				$frmgrpstartdt1 = date("Y-m-d H:i:s",strtotime($dateval));
-			}
-			
-			if($frmgrpenddt !=""){
-			if(get_option('date_format') != "d/m/Y"){	
-			$frmgrpenddt1 = date("Y-m-d H:i:s",strtotime($frmgrpenddt));
-			}
-			elseif(get_option('date_format') == "d/m/Y" || get_option('date_format') == "d-m-Y")
-			{
-			    $dateval = CNPCF_getDateFormat($frmgrpenddt);
-			    $frmgrpenddt1 = date("Y-m-d H:i:s",strtotime($dateval));
-			}
-			}	
-							$cnpchnlgrp = sanitize_text_field(trim($forminfo['txtcnpchnlgrp']));
-							
-			$sSQL = "INSERT INTO ".$cnp_channelgrptable_name."(cnpchannelgrp_groupname,cnpchannelgrp_cnpstngs_ID,			 cnpchannelgrp_shortcode,cnpchannelgrp_channel_StartDate,cnpchannelgrp_channel_EndDate,						 cnpchannelgrp_status,cnpchannelgrp_custommsg,cnpchannelgrp_Date_Created,cnpchannelgrp_Date_Modified)values('$cnpchnlgrp','$cnpsettingid[2]',												 '$chnlcode',
-			'$frmgrpstartdt1','$frmgrpenddt1',$active,'$forminfo[txtchnlerrortxt]',
-			'$current_time','$current_time')"; 
-							$wpdb->query($sSQL);
-							   $lastid = $wpdb->insert_id;
-							   $noofforms = $forminfo['hidnoofforms'];
-							if($noofforms == ""){$noofforms = 1;}
-						
-							for($inc=0;$inc< $noofforms;$inc++)
-							{
-								$lstcnpactivechannel  = "lstcnpactivechannel".$forminfo['hdncnpchnlcnt'][$inc];
-							 	$txtcnpchnlstrtdt  = "txtcnpchnlstrtdt".$forminfo['hdncnpchnlcnt'][$inc];
-								$txtcnpchnlenddt   = "txtcnpchnlenddt".$forminfo['hdncnpchnlcnt'][$inc];
-							
-								$txtcnpformenddt1="";
-								
-								
-							if(get_option('date_format') != "d/m/Y"){
-							  $txtcnpformstrtdt1 = date("Y-m-d H:i:s",strtotime($forminfo[$txtcnpchnlstrtdt]));
-							}
-							elseif(get_option('date_format') == "d/m/Y" || get_option('date_format') == "d-m-Y")
-							{
-								$dateval = CNPCF_getDateFormat($forminfo[$txtcnpchnlstrtdt]);
-								$txtcnpformstrtdt1 = date("Y-m-d H:i:s",strtotime($dateval));
-							}
-
-							if($forminfo[$txtcnpchnlenddt]!=""){
-							if(get_option('date_format') != "d/m/Y"){	
-							$txtcnpformenddt1 = date("Y-m-d H:i:s",strtotime($forminfo[$txtcnpchnlenddt]));
-							}
-							elseif(get_option('date_format') == "d/m/Y" || get_option('date_format') == "d-m-Y")
-							{
-								$dateval = CNPCF_getDateFormat($forminfo[$txtcnpchnlenddt]);
-								$txtcnpformenddt1 = date("Y-m-d H:i:s",strtotime($dateval));
-							}
-							}		
-
-								
-								
-					
-			 $sSQL = "INSERT INTO ".$cnp_channeltable_name."(cnpchannel_cnpchannelgrp_ID,cnpchannel_channelName,			 cnpchannel_channelStartDate,cnpchannel_channelEndDate,cnpchannel_channelStatus,cnpchannel_DateCreated)values('$lastid','$forminfo[$lstcnpactivechannel]', '$txtcnpformstrtdt1','$txtcnpformenddt1',$active,'$current_time')"; 
-							$wpdb->query($sSQL);
-				}		
-			return true;}else{return false;}}else{ return false;}
-		}
-/*************************************************/
- function CNPCF_addNewForms($tblname,$forminfo)
-		{ 
-			global $wpdb;	global $cnp_table_name; global $cnp_formtable_name;
-			$count = sizeof($forminfo);
-			
-			if($count  > 0)
-			{
-						
-						if( $forminfo['lstaccntfrndlynam'] !="")
-						{
-							 
-							 $frmcode= CNPCF_getFormShortCode($forminfo['txtcnpfrmgrp']);
-							 $current_time = CFCNP_PLUGIN_CURRENTTIME;
-							 $maxsize = 10000000; //set to approx 10 MB 
-      						 
-							 if(is_uploaded_file($_FILES['txtpopupimg']['tmp_name'])) {     
-								//checks size of uploaded image on server side
-							 if( $_FILES['txtpopupimg']['size'] < $maxsize) {    
-			 
-								$finfo = finfo_open(FILEINFO_MIME_TYPE);
-								//checks whether uploaded file is of image type
-								if(strpos(finfo_file($finfo, $_FILES['txtpopupimg']['tmp_name']),"image")===0)
-								{    
-								   // prepare the image for insertion
-									$imgData =addslashes (file_get_contents($_FILES['txtpopupimg']['tmp_name']));
-								}
-								else
-								{  
-									$msg="<p>Uploaded file is not an image.</p>";
-								}
-						}
-					    else {
-						// if the file is not less than the maximum allowed, print an error
-							$msg='<div>File exceeds the Maximum File limit</div>
-							<div>Maximum File limit is '.$maxsize.' bytes</div>
-							<div>File '.$_FILES['txtpopupimg']['name'].' is '.$_FILES['txtpopupimg']['size'].
-							' bytes</div><hr />';
-						}
-        }
-        else
-            $msg    = "File not uploaded successfully.";
-		//	$active = 1;
-	
-		    $active = $forminfo['lstfrmsts'];
-			$cnpsettingid   = explode("||",$forminfo['lstaccntfrndlynam']);
-			$frmgrpstartdt  = $forminfo['txtcnpformstrtdt'];
-			$frmgrpenddt    = $forminfo['txtcnpformenddt'];
-			$frmgrpenddt1   = "";
-			
-			if(get_option('date_format') != "d/m/Y"){
-	          $frmgrpstartdt1 = date("Y-m-d H:i:s",strtotime($frmgrpstartdt));
-	
-            }
-			elseif(get_option('date_format') == "d/m/Y" || get_option('date_format') == "d-m-Y")
-			{
-				$dateval = CNPCF_getDateFormat($frmgrpstartdt);
-				$frmgrpstartdt1 = date("Y-m-d H:i:s",strtotime($dateval));
-			}
-			
-			if($frmgrpenddt !=""){
-			if(get_option('date_format') != "d/m/Y"){	
-			$frmgrpenddt1 = date("Y-m-d H:i:s",strtotime($frmgrpenddt));
-			}
-			elseif(get_option('date_format') == "d/m/Y" || get_option('date_format') == "d-m-Y")
-			{
-			    $dateval = CNPCF_getDateFormat($frmgrpenddt);
-			    $frmgrpenddt1 = date("Y-m-d H:i:s",strtotime($dateval));
-			}
-			}			
-			$sSQL = "INSERT INTO ".$cnp_table_name."(cnpform_groupname,cnpform_cnpstngs_ID,cnpform_type, cnpform_ptype,cnpform_text,cnpform_img,cnpform_shortcode,cnpform_Form_StartDate,cnpform_Form_EndDate,						 cnpform_status,cnpform_custommsg,cnpform_Date_Created,cnpform_Date_Modified)values('$forminfo[txtcnpfrmgrp]','$cnpsettingid[2]',												 '$forminfo[lstfrmtyp]','$forminfo[lstpopuptyp]','$forminfo[txtpopuptxt]','{$imgData}','$frmcode',
-			'$frmgrpstartdt1','$frmgrpenddt1',$active,'$forminfo[txterrortxt]',
-			'$current_time','$current_time')"; 
-			
-							$wpdb->query($sSQL);
-							   $lastid = $wpdb->insert_id;
-							   $noofforms = $forminfo['hidnoofforms'];
-							if($noofforms == ""){$noofforms = 1;}
-							for($inc=0;$inc< $noofforms;$inc++)
-							{
-								$lstcnpactivecamp  = "lstcnpactivecamp".$forminfo['hdncnpformcnt'][$inc];
-							    $lstcnpfrmtyp      = "hdncnpformname".$forminfo['hdncnpformcnt'][$inc];
-								$txtcnpguid        = "txtcnpguid".$forminfo['hdncnpformcnt'][$inc];
-								$txtcnpformstrtdt  = "txtcnpformstrtdt".$forminfo['hdncnpformcnt'][$inc];
-								$txtcnpformenddt   = "txtcnpformenddt".$forminfo['hdncnpformcnt'][$inc];
-								$txtcnpformurlparms   = "txtbtnurlparms".$forminfo['hdncnpformcnt'][$inc];
-								$txtcnpformenddt1="";
-															
-							if(get_option('date_format') != "d/m/Y"){
-							  $txtcnpformstrtdt1 = date("Y-m-d H:i:s",strtotime($forminfo[$txtcnpformstrtdt]));
-							}
-							elseif(get_option('date_format') == "d/m/Y" || get_option('date_format') == "d-m-Y")
-							{
-								$dateval = CNPCF_getDateFormat($forminfo[$txtcnpformstrtdt]);
-								$txtcnpformstrtdt1 = date("Y-m-d H:i:s",strtotime($dateval));
-							}
-
-							if($forminfo[$txtcnpformenddt]!=""){
-							if(get_option('date_format') != "d/m/Y"){	
-							$txtcnpformenddt1 = date("Y-m-d H:i:s",strtotime($forminfo[$txtcnpformenddt]));
-							}
-							elseif(get_option('date_format') == "d/m/Y" || get_option('date_format') == "d-m-Y")
-							{
-								$dateval = CNPCF_getDateFormat($forminfo[$txtcnpformenddt]);
-								$txtcnpformenddt1 = date("Y-m-d H:i:s",strtotime($dateval));
-							}
-							}		
- $sSQL = "INSERT INTO ".$cnp_formtable_name."(cnpform_cnpform_ID,cnpform_CampaignName,cnpform_FormName,cnpform_GUID,cnpform_FormStartDate,cnpform_FormEndDate,cnpform_FormStatus,cnpform_DateCreated,cnpform_urlparameters)values('$lastid','$forminfo[$lstcnpactivecamp]','$forminfo[$lstcnpfrmtyp]','$forminfo[$txtcnpguid]','$txtcnpformstrtdt1','$txtcnpformenddt1',$active, '$current_time','$forminfo[$txtcnpformurlparms]')"; 
-							$wpdb->query($sSQL);
-								}		
-			return true;}else{return false;}}else{ return false;}
-		}
-		
-		function CNPCF_addSettings($tblname,$forminfo)
-		{ 
-			global $wpdb;	global $cnp_settingtable_name; 
-			$count = sizeof($forminfo);
-			
-			if($count  > 0)
-			{
-						 $scnpSQL = "SELECT * FROM ".$cnp_settingtable_name." where cnpstngs_frndlyname ='".$forminfo['txtcnpfrmfrndlynm']."'  or cnpstngs_AccountNumber = '".$forminfo['txtcnpacntid']."'";
-						$cnpresults  = $wpdb->get_results($scnpSQL);
-					 	$cnpformrows = $wpdb->num_rows;
-						if( $cnpformrows == 0)
-						{
-							
-
-if(isset($forminfo['txtcnpacntid']) && $forminfo['txtcnpacntid']!="" && isset($forminfo['txtcnpacntguid']) && $forminfo['txtcnpacntguid']!="")
-{
-	
-	
-    $current_time = CFCNP_PLUGIN_CURRENTTIME;
-	$cnpactive       =1;
-	$sSQL = "INSERT INTO ".$cnp_settingtable_name."(cnpstngs_frndlyname,cnpstngs_AccountNumber,cnpstngs_guid,cnpstngs_status,cnpstngs_Date_Created,cnpstngs_Date_Modified)values('$forminfo[txtcnpfrmfrndlynm]','$forminfo[txtcnpacntid]',
-													 '$forminfo[txtcnpacntguid]',$cnpactive,
-													 '$current_time',
-													 '$current_time')"; 
-	$wpdb->query($sSQL);
-							 
-							
-							
-							
-			//return $cnpcampcnt;
-					return true;}else{return false;}
-		}
-				else{return "error";}
-	}
-}
-function CNPCF_getActivecampaigns($cnpaccountno,$cnpaccountguid,$retrnstrng){
-	$connect  = array('soap_version' => SOAP_1_1, 'trace' => 1, 'exceptions' => 0);
-    $client   = new SoapClient('https://resources.connect.clickandpledge.com/wordpress/Auth2.wsdl', $connect);
-
-	$accountid     = $cnpaccountno; 
-	$accountguid   = $cnpaccountguid;
-	$xmlr  = new SimpleXMLElement("<GetActiveCampaignList2></GetActiveCampaignList2>");
-	$xmlr->addChild('accountId', $accountid);
-	$xmlr->addChild('AccountGUID', $accountguid);
-	$xmlr->addChild('username', CFCNP_PLUGIN_UID);
-	$xmlr->addChild('password', CFCNP_PLUGIN_PWD);
-	$response = $client->GetActiveCampaignList2($xmlr); 
-
-    $responsearr  =  $response->GetActiveCampaignList2Result->connectCampaign;
-	
-	if($retrnstrng =="count"){
-	$cnpcampcnt   = count($responsearr);
-	return $cnpcampcnt;}
-	if($retrnstrng =="lst"){
-	return $responsearr;
-	}
-}
-		function CNPCF_getfrmsts($tablenm,$filedname,$wherefldid,$fieldid)
-		{
-						
-			global $wpdb; 	
-			global $cnp_formtable_name;
-			global $cnprtrnstr;
-			$cnpGetFrmDtsql     = "SELECT ".$filedname." as fldsts FROM " .$tablenm. " WHERE  " .$wherefldid. "  =".$fieldid;
-			$cnpfrmdtresult       =  $wpdb->get_results($cnpGetFrmDtsql);
-			foreach ($cnpfrmdtresult as $cnpresultsarr) {
-					 $cnpform_frmdates= $cnpresultsarr->fldsts;if($cnpform_frmdates == "1")$cnprtrnstr = "Active";else $cnprtrnstr = "Inactive";
-					 return $cnprtrnstr;
-					}
-				
-	   }
-
-	function CNPCF_GetCnPGroupDetails($tablenm,$filedname,$wherefldid)
-		{
-						
-			global $wpdb; 	
-			global $cnp_formtable_name;
-			global $cnprtrnstr;
-		    $cnpGetFrmDtsql       = "SELECT * FROM " .$tablenm. " WHERE  " .$filedname. "  = ".$wherefldid;
-			$cnpfrmdtresult       =  $wpdb->get_results($cnpGetFrmDtsql);
-			
-			 return $cnpfrmdtresult;	
-	   }
-		
-	function CNPCF_updateCnPstatus($tablenm,$filedname,$wherefldid,$fieldid,$sts)
-		{
-						
-			global $wpdb; 	
-			global $cnp_formtable_name;
-			global $cnprtrnstr;
-			if($sts == "Active"){$updtsts ="0";}else{$updtsts ="1";}
-			$cnpGetFrmeDtsql     = "update " .$tablenm. " SET ".$filedname." = '".$updtsts."' WHERE  " .$wherefldid. "  =".$fieldid; 
-			$returnval = $wpdb->query($cnpGetFrmeDtsql);
-			/*if($returnval){$cnpGetFrmeDtsql     = "update " .$tablenm. " SET ".$filedname." = '".$updtsts."' WHERE  " .$wherefldid. "  =".$fieldid; 
-			$returnval = $wpdb->query($cnpGetFrmeDtsql);}*/
-			return true;
-	   }
-		function CNPCF_updateChannels($tblname,$forminfo)
-		{ 
-			global $wpdb;	global $cnp_channelgrptable_name;global $cnp_channeltable_name;
-			$count = sizeof($forminfo);
-			if($count>0)
-			{
-			    $current_time = CFCNP_PLUGIN_CURRENTTIME;
-				$frmgrpstartdt  = $forminfo['txtcnpchnlstrtdt'];
-				$frmgrpenddt    = $forminfo['txtcnpchnlenddt'];
-				$frmgrpenddt1   = "";
-			
-			/*//$frmgrpstartdt1 = date("Y-m-d H:i:s",strtotime($frmgrpstartdt));
-			if($frmgrpenddt !=""){
-			$frmgrpenddt1 = date("Y-m-d H:i:s",strtotime($frmgrpenddt));}	
-				*/
-			if(get_option('date_format') != "d/m/Y")
-			{
-				$frmgrpstartdt1 = date("Y-m-d H:i:s",strtotime($frmgrpstartdt));
-				if($frmgrpenddt !=""){
-				$frmgrpenddt1 = date("Y-m-d H:i:s",strtotime($frmgrpenddt));
-				}
-			}
-			elseif(get_option('date_format') == "d/m/Y" || get_option('date_format') == "d-m-Y")
-			{
-				$dateval = CNPCF_getDateFormat($frmgrpstartdt);
-				$frmgrpstartdt1 = date("Y-m-d H:i:s",strtotime($dateval));
-				if($frmgrpenddt !=""){
-					$dateval = CNPCF_getDateFormat($frmgrpenddt);
-					$frmgrpenddt1 = date("Y-m-d H:i:s",strtotime($dateval));
-				}	
-				
-			}	
-
-				// cnpform_shortcode='$frmcode',
-			 $active =1;//cnpform_groupname ='$forminfo[txtcnpfrmgrp]',
-			 $sSQL = "UPDATE ".$cnp_channelgrptable_name." set 
-													 cnpchannelgrp_channel_StartDate='$frmgrpstartdt1',
-													 cnpchannelgrp_channel_EndDate='$frmgrpenddt1',
-			 										 cnpchannelgrp_status='$forminfo[lstchnlsts]',
-													 cnpchannelgrp_custommsg='$forminfo[txterrortxt]',
-													 cnpchannelgrp_Date_Modified='$current_time'
-											   where cnpchannelgrp_ID ='".$forminfo['hdnfrmid']."'"; 
-			$wpdb->query($sSQL);
-				 $noofforms = $forminfo['hidnoofforms'];
-				$wpdb->query("delete from ".$cnp_channeltable_name." where cnpchannel_cnpchannelgrp_ID =".$forminfo['hdnfrmid']);
-				
-				
-							for($inc=0;$inc< $noofforms;$inc++)
-							{
-							
-								$lstcnpactivecamp = "lstcnpeditactivecamp".$forminfo['hdncnpformcnt'][$inc];
-								$txtcnpformstrtdt  = "txtcnpformstrtdt".$forminfo['hdncnpformcnt'][$inc];
-								$txtcnpformenddt   = "txtcnpformenddt".$forminfo['hdncnpformcnt'][$inc];
-							   /* $lstcnpactivecamp  = "lstcnpeditactivecamp".$inc;
-							    
-								$txtcnpformstrtdt  = "txtcnpformstrtdt".$inc;
-								$txtcnpformenddt   = "txtcnpformenddt".$inc;*/
-								$txtcnpformenddt1  = "";
-								
-			if(get_option('date_format') != "d/m/Y")
-			{
-				$txtcnpformstrtdt1 = date("Y-m-d H:i:s",strtotime($forminfo[$txtcnpformstrtdt]));
-				if($forminfo[$txtcnpformenddt] !=""){
-				$txtcnpformenddt1 = date("Y-m-d H:i:s",strtotime($forminfo[$txtcnpformenddt]));
-				}
-			}
-			elseif(get_option('date_format') == "d/m/Y" || get_option('date_format') == "d-m-Y")
-			{
-				$dateval = CNPCF_getDateFormat($forminfo[$txtcnpformstrtdt]);
-				$txtcnpformstrtdt1 = date("Y-m-d H:i:s",strtotime($dateval));
-				if($forminfo[$txtcnpformenddt] !=""){
-					$datevale = CNPCF_getDateFormat($forminfo[$txtcnpformenddt]);
-					$txtcnpformenddt1 = date("Y-m-d H:i:s",strtotime($datevale));
-				}	
-				
-			}	
-
-			if($forminfo[$lstcnpactivecamp] !=""){					
-			 $sSQL = "INSERT INTO ".$cnp_channeltable_name."(cnpchannel_cnpchannelgrp_ID,cnpchannel_channelName,		 cnpchannel_channelStartDate,cnpchannel_channelEndDate,cnpchannel_channelStatus,cnpchannel_DateCreated)values('".$forminfo['hdnfrmid']."','$forminfo[$lstcnpactivecamp]',
-																										 '$txtcnpformstrtdt1','$txtcnpformenddt1',$active,
-													 '$current_time')"; 
-							$wpdb->query($sSQL);
-				}				
-			
-				} 
-			return true;/*}else{return false;	}*/}else{ return false;}
-		}
-		function CNPCF_updateForms($tblname,$forminfo)
-		{ 
-			global $wpdb;	global $cnp_table_name;global $cnp_formtable_name;
-			$count = sizeof($forminfo);
-			if($count>0)
-			{
-										 
-						 $frmcode= CNPCF_getFormShortCode($forminfo['txtcnpfrmgrp']);
-						 $current_time = CFCNP_PLUGIN_CURRENTTIME;
-						 $maxsize = 10000000; //set to approx 10 MB 
-							if(is_uploaded_file($_FILES['txtpopupimg']['tmp_name'])) {     
-								//checks size of uploaded image on server side
-							if( $_FILES['txtpopupimg']['size'] < $maxsize) {    
-			 
-							$finfo = finfo_open(FILEINFO_MIME_TYPE);
-								//checks whether uploaded file is of image type
-								if(strpos(finfo_file($finfo, $_FILES['txtpopupimg']['tmp_name']),"image")===0)
-								{    
-								   // prepare the image for insertion
-									$imgData =addslashes (file_get_contents($_FILES['txtpopupimg']['tmp_name']));
-									$sSQL = "UPDATE ".$cnp_table_name." set cnpform_img = '{$imgData}',
-																 cnpform_Date_Modified='$current_time'
-														   where cnpform_ID ='".$forminfo['hdnfrmid']."'"; 
-									$wpdb->query($sSQL);
-								}
-								else{$msg="<p>Uploaded file is not an image.</p>";}
-							}
-							 else {
-								// if the file is not less than the maximum allowed, print an error
-								$msg='<div>File exceeds the Maximum File limit</div>
-								<div>Maximum File limit is '.$maxsize.' bytes</div>
-								<div>File '.$_FILES['txtpopupimg']['name'].' is '.$_FILES['txtpopupimg']['size'].
-								' bytes</div><hr />';
-							}	}	else $msg="File not uploaded successfully.";
- 
-
-			$frmgrpstartdt  = $forminfo['txtcnpformstrtdt'];
-			$frmgrpenddt    = $forminfo['txtcnpformenddt'];
-			$frmgrpenddt1   = "";
-		
-			if(get_option('date_format') != "d/m/Y")
-			{
-				$frmgrpstartdt1 = date("Y-m-d H:i:s",strtotime($frmgrpstartdt));
-				if($frmgrpenddt !=""){
-				$frmgrpenddt1 = date("Y-m-d H:i:s",strtotime($frmgrpenddt));
-				}
-			}
-			elseif(get_option('date_format') == "d/m/Y" || get_option('date_format') == "d-m-Y")
-			{
-				$dateval = CNPCF_getDateFormat($frmgrpstartdt);
-				$frmgrpstartdt1 = date("Y-m-d H:i:s",strtotime($dateval));
-				if($frmgrpenddt !=""){
-					$dateval = CNPCF_getDateFormat($frmgrpenddt);
-					$frmgrpenddt1 = date("Y-m-d H:i:s",strtotime($dateval));
-				}	
-				
-			}	
-
-				// cnpform_shortcode='$frmcode',
-			 $active =1;//cnpform_groupname ='$forminfo[txtcnpfrmgrp]',
-			 $sSQL = "UPDATE ".$cnp_table_name." set cnpform_type='$forminfo[lstfrmtyp]',
-													 cnpform_ptype='$forminfo[lstpopuptyp]',
-												     cnpform_text='$forminfo[txtpopuptxt]',
-													 cnpform_Form_StartDate='$frmgrpstartdt1',
-													 cnpform_Form_EndDate='$frmgrpenddt1',
-			 										 cnpform_status='$forminfo[lstfrmsts]',
-													 cnpform_custommsg='$forminfo[txterrortxt]',
-													 cnpform_Date_Modified='$current_time'
-											   where cnpform_ID ='".$forminfo['hdnfrmid']."'"; 
-			$wpdb->query($sSQL);
-				$noofforms = $forminfo['hidnoofforms'];
-				$wpdb->query("delete from ".$cnp_formtable_name." where cnpform_cnpform_ID =".$forminfo['hdnfrmid']);
-							for($inc=0;$inc< $noofforms;$inc++)
-							{
-						
-								
-								$lstcnpactivecamp = "lstcnpeditactivecamp".$forminfo['hdncnpformcnt'][$inc];
-							    $lstcnpfrmtyp  = "hdncnpformname".$forminfo['hdncnpformcnt'][$inc];
-								$txtcnpguid = "txtcnpguid".$forminfo['hdncnpformcnt'][$inc];
-								$txtcnpformstrtdt = "txtcnpformstrtdt".$forminfo['hdncnpformcnt'][$inc];
-								$txtcnpformenddt= "txtcnpformenddt".$forminfo['hdncnpformcnt'][$inc];
-								$txtcnpformurlparms= "txtbtnurlparms".$forminfo['hdncnpformcnt'][$inc];
-							
-								$txtcnpformenddt1="";
-							
-			if(get_option('date_format') != "d/m/Y")
-			{
-				$txtcnpformstrtdt1 = date("Y-m-d H:i:s",strtotime($forminfo[$txtcnpformstrtdt]));
-				if($forminfo[$txtcnpformenddt] !=""){
-				$txtcnpformenddt1 = date("Y-m-d H:i:s",strtotime($forminfo[$txtcnpformenddt]));
-				}
-			}
-			elseif(get_option('date_format') == "d/m/Y" || get_option('date_format') == "d-m-Y")
-			{
-				$dateval = CNPCF_getDateFormat($forminfo[$txtcnpformstrtdt]);
-				$txtcnpformstrtdt1 = date("Y-m-d H:i:s",strtotime($dateval));
-				if($forminfo[$txtcnpformenddt] !=""){
-					$datevale = CNPCF_getDateFormat($forminfo[$txtcnpformenddt]);
-					$txtcnpformenddt1 = date("Y-m-d H:i:s",strtotime($datevale));
-				}	
-				
-			}	
-
-								
-			 $sSQL = "INSERT INTO ".$cnp_formtable_name."(cnpform_cnpform_ID,cnpform_CampaignName,cnpform_FormName,cnpform_GUID,			 cnpform_FormStartDate,cnpform_FormEndDate,cnpform_FormStatus,cnpform_DateCreated,cnpform_urlparameters)values('".$forminfo['hdnfrmid']."','$forminfo[$lstcnpactivecamp]',
-													 '$forminfo[$lstcnpfrmtyp]','$forminfo[$txtcnpguid]',
-													 '$txtcnpformstrtdt1','$txtcnpformenddt1',$active,
-													 '$current_time','$forminfo[$txtcnpformurlparms]')"; 
-							$wpdb->query($sSQL);
-								
-			
-				}
-			return true;/*}else{return false;	}*/}else{ return false;}
-		}
-		function CNPCF_updateSettings($tblname,$forminfo)
-		{ 
-			global $wpdb;	global $cnp_settingtable_name;
-			$count = sizeof($forminfo);
-			if($count>0)
-			{
-				 $cnpcampcnt = //CNPCF_getActivecampaigns($forminfo[txtcnpacntid],$forminfo[txtcnpacntguid],"count");
-				 $current_time = date('Y-m-d H:i:s');
-				 $active =1;
-			 	 $sSQL = "UPDATE ".$cnp_settingtable_name." set 
-				 									 cnpstngs_frndlyname ='$forminfo[txtcnpfrmfrndlynm]',
-			 										 cnpstngs_AccountNumber='$forminfo[txtcnpacntid]',
-													 cnpstngs_guid='$forminfo[txtcnpacntguid]',
-													 cnpstngs_Date_Modified='$current_time'
-											   where cnpstngs_ID ='".$forminfo['hdnfrmid']."'"; 
-			$wpdb->query($sSQL);
-				//return $cnpcampcnt;
-			return true;}else{ return false;}
-		}
- function CNPCF_getFormShortCode($groupnm)
- {
-	     global $wpdb; 	
-		 global $cnp_table_name;
-		 $rtrnval="";
-		 $frmcode = $groupnm;
-		 $shrtcode= str_replace(' ', '-', $frmcode);
-		 $shortcode = '[CnP.Form '.$shrtcode.']';
-					
-	return $shortcode;
- }
- function CNPCF_getChannelShortCode($groupnm)
- {
-	     global $wpdb; 	
-		 global $cnp_table_name;
-		 $rtrnval="";
-		 $chnlcode = $groupnm;
-		 $shrtcode= str_replace(' ', '-', $chnlcode);
-		 $shortcode = '[CnP.pledgeTV '.$shrtcode.']';
-					
-	return $shortcode;
- }
- function  CNPCF_getMaxFormid($tablename)
- {
- 	     global $wpdb; 	
-		 global $cnp_table_name;
-		 $rtrnval="";
-		 $scnpSQL    = "SELECT MAX(cnpform_id) as frmid FROM ".$tablename;
-		 $cnpresults = $wpdb->get_results($scnpSQL);
-		 $cnpformrows = $wpdb->num_rows;
-					 if( $cnpformrows != NULL){
-							foreach ($cnpresults as $cnpresultsarr) {
-							  $cnpfrmid= $cnpresultsarr->frmid;
-							  $rtrnval = $cnpfrmid + 1;
-							}
-						}
-						else { $rtrnval = 1;}
-					if($rtrnval <=9){ $rtrnval = "00".$rtrnval;}elseif($rtrnval <=99 && $rtrnval >=9){ $rtrnval = "0".$rtrnval;}else{$rtrnval = $rtrnval;}
-						
-	return "CNPCF".$rtrnval;
- }
-function CNPCF_getformsofGroup($groupname){
-	
-	 global $wpdb; 	
-		 global $cnp_table_name; global $cnp_formtable_name;
-		 $returnarr = array();
-		 $rtrnval="";
-	     $currentdate = CFCNP_PLUGIN_CURRENTTIME;
-		  $scnpSQL    = "SELECT cnpform_ID as frmid FROM ".$cnp_table_name ." WHERE cnpform_groupname = '".$groupname."' AND 
-	 						cnpform_status =1 AND IF (cnpform_Form_EndDate !='0000-00-00 00:00:00', '".$currentdate."' between cnpform_Form_StartDate and cnpform_Form_EndDate, cnpform_Form_StartDate <=  '".$currentdate."') order by cnpform_Date_Modified DESC Limit 1";
-		 $cnpresults = $wpdb->get_results($scnpSQL);
-		 $cnpformrows = $wpdb->num_rows;
-					 if( $cnpformrows != NULL){
-							foreach ($cnpresults as $cnpresultsarr) {
-							  $cnpfrmid= $cnpresultsarr->frmid;
-							 
-							}
-						   $scnpFormsSQL    = "SELECT cnpform_GUID as frmguid,cnpform_urlparameters FROM ".$cnp_formtable_name ." WHERE cnpform_cnpform_ID = '".$cnpfrmid."' AND cnpform_FormStatus =1 AND   IF (cnpform_FormEndDate !='0000-00-00 00:00:00',  '".$currentdate."' between cnpform_FormStartDate and cnpform_FormEndDate, cnpform_FormStartDate <=  '".$currentdate."') order by cnpform_DateCreated DESC Limit 1";
-		 $cnpformsresults = $wpdb->get_results($scnpFormsSQL);
-		 $cnpformrows = $wpdb->num_rows;
-						
-					 if( $cnpformrows != NULL){
-							foreach ($cnpformsresults as $cnpfrmresultsarr) {
-								$cnpurlparam = $cnpfrmresultsarr->cnpform_urlparameters;
-								//$cnpurlparamnw = str_replace(';', '&', $cnpurlparam);
-								$newfrmguid = $cnpfrmresultsarr->frmguid ."?".$cnpurlparam;
-								array_push($returnarr, $newfrmguid);
-							
-							 
-							}
-						}
-						}
-				
-	return $returnarr;
-}
-function CNPCF_getchannelsofGroup($groupname){
-	
-	 global $wpdb; 	
-		 global $cnp_channelgrptable_name; global $cnp_channeltable_name;
-		 $returnarr = array();
-		 $rtrnval="";
-	     $currentdate = CFCNP_PLUGIN_CURRENTTIME;
-		  $scnpSQL    = "SELECT cnpchannelgrp_ID as chnlid FROM ".$cnp_channelgrptable_name ." WHERE cnpchannelgrp_groupname = '".$groupname."' AND 
-	 						cnpchannelgrp_status =1 AND IF (cnpchannelgrp_channel_EndDate !='0000-00-00 00:00:00', '".$currentdate."' between cnpchannelgrp_channel_StartDate and cnpchannelgrp_channel_EndDate, cnpchannelgrp_channel_StartDate <=  '".$currentdate."') order by cnpchannelgrp_Date_Modified DESC Limit 1";
-		 $cnpresults = $wpdb->get_results($scnpSQL);
-		 $cnpformrows = $wpdb->num_rows;
-					 if( $cnpformrows != NULL){
-							foreach ($cnpresults as $cnpresultsarr) {
-							  $cnpfrmid= $cnpresultsarr->chnlid;
-							 
-							}
-						   $scnpFormsSQL    = "SELECT cnpchannel_channelName as chnlnm FROM ".$cnp_channeltable_name ." WHERE cnpchannel_cnpchannelgrp_ID = '".$cnpfrmid."' AND cnpchannel_channelStatus =1 AND   IF (cnpchannel_channelEndDate !='0000-00-00 00:00:00',  '".$currentdate."' between cnpchannel_channelStartDate and cnpchannel_channelEndDate, cnpchannel_channelStartDate <=  '".$currentdate."') order by cnpchannel_DateCreated DESC Limit 1";
-						   $cnpformsresults = $wpdb->get_results($scnpFormsSQL);
-		 				   $cnpformrows = $wpdb->num_rows;
-						
-					 if( $cnpformrows != NULL){
-							foreach ($cnpformsresults as $cnpfrmresultsarr) {
-								array_push($returnarr, $cnpfrmresultsarr->chnlnm);
-							
-							 
-							}
-						}
-						}
-				
-	return $returnarr;
-}
-function CNPCF_getCNPAccountDetails($cnpfrndlynm){
-	     global $wpdb; 	
-		 global $cnp_settingtable_name;
-		 global $cnp_table_name; global $cnp_formtable_name;
-		 $acntrtrnval= "";
-		 $scnpSQL    = "SELECT *  FROM ".$cnp_settingtable_name ." WHERE cnpstngs_ID ='".$cnpfrndlynm."'";
-		 $cnpresults = $wpdb->get_results($scnpSQL);
-		 $cnpformrows = $wpdb->num_rows;
-		 if( $cnpformrows != NULL){	
-			
-			 foreach ($cnpresults as $cnpresultsarr) {
-				if(count($cnpresultsarr) >= 1)
-				{
-					 $acntrtrnval = $cnpresultsarr->cnpstngs_AccountNumber."--".$cnpresultsarr->cnpstngs_guid;
-				}
-			}
-		 }
-		
-	return $acntrtrnval;
-	
-}
-function CNPCF_getAccountNumbersCount()
-{
-	 	 global $wpdb; 	
-		 global $cnp_settingtable_name;
-		 $rtrnval="";
-		 $scnpSQL    = "SELECT *  FROM ".$cnp_settingtable_name;
-		 $cnpresults = $wpdb->get_results($scnpSQL);
-		 $cnpformrows = $wpdb->num_rows;
-		
-		
-	return $cnpformrows;
-	
-}
-function CNPCF_editgetAccountIdList($cnpeditid)
-{
-	 	 global $wpdb; 	
-		 global $cnp_settingtable_name;
-		 $rtrnval="";
-		 $scnpSQL    = "SELECT *  FROM ".$cnp_settingtable_name." order by cnpstngs_AccountNumber" ;
-		 $cnpresults = $wpdb->get_results($scnpSQL);
-		 $cnpformrows = $wpdb->num_rows;
-		 if( $cnpformrows != NULL){	
-			 $camrtrnval = "";
-			 //$camrtrnval = "<option value=''>Select Friendly Name</option>";
-			 foreach ($cnpresults as $cnpresultsarr) {
-				if(count($cnpresults) >= 1)
-				{ $cnpoptnsel = "";
-					if($cnpresultsarr->cnpstngs_ID == $cnpeditid){$cnpoptnsel="selected";}
-					$optnval = $cnpresultsarr->cnpstngs_AccountNumber."||".$cnpresultsarr->cnpstngs_guid."||".$cnpresultsarr->cnpstngs_ID;
-					 $camrtrnval.= "<option value='".$optnval."' ".$cnpoptnsel.">".$cnpresultsarr->cnpstngs_frndlyname." ( ".$cnpresultsarr->cnpstngs_AccountNumber." )</option>";
-				}
-			}
-		 }
-		
-	return $camrtrnval;
-	
-}
-function CNPCF_getAccountIdList()
-{
-	 	 global $wpdb; 	
-		 global $cnp_settingtable_name;
-		 $rtrnval="";
-		 $scnpSQL    = "SELECT *  FROM ".$cnp_settingtable_name ." order by cnpstngs_AccountNumber";
-		 $cnpresults = $wpdb->get_results($scnpSQL);
-		 $cnpformrows = $wpdb->num_rows;
-		 if( $cnpformrows != NULL){	
-		
-			 $camrtrnval ="";
-			 foreach ($cnpresults as $cnpresultsarr) {
-				if(count($cnpresults) >= 1)
-				{
-					$optnval = $cnpresultsarr->cnpstngs_AccountNumber."||".$cnpresultsarr->cnpstngs_guid."||".$cnpresultsarr->cnpstngs_ID;
-					 $camrtrnval.= "<option value='".$optnval."'>".$cnpresultsarr->cnpstngs_frndlyname." ( ".$cnpresultsarr->cnpstngs_AccountNumber." )</option>";
-				}
-			}
-		 }
-		
-	return $camrtrnval;
-	
-}
-function CNPCF_getAccountNumbersInfo($cnpeditid)
-{
-	 	 global $wpdb; 	
-		 global $cnp_table_name;
-		 $rtrnval="";
-		 $scnpSQL    = "SELECT *  FROM ".$cnp_table_name ." WHERE cnpform_cnpstngs_ID=".$cnpeditid;
-		 $cnpresults = $wpdb->get_results($scnpSQL);
-		 $cnpformrows = $wpdb->num_rows;
-		
-		
-	return $cnpformrows;
-	
-}
-function CNPCF_getchnlAccountNumbersInfo($cnpeditid)
-{
-	 	 global $wpdb; 	
-		 global $cnp_channelgrptable_name ;
-		 $rtrnval="";
-		 $scnpSQL    = "SELECT *  FROM ".$cnp_channelgrptable_name ." WHERE cnpchannelgrp_cnpstngs_ID=".$cnpeditid;
-		 $cnpresults = $wpdb->get_results($scnpSQL);
-		 $cnpformrows = $wpdb->num_rows;
-		
-		
-	return $cnpformrows;
-	
-}
-
-function CNPCF_getDateFormat($frmgrpstartdt)
-{
-	
-	$dateval = $frmgrpstartdt;
-	$bits = explode(' ',$dateval);
-	$bits1 = explode('/',$bits[0]);
-	$curdate = $bits1[1].'/'.$bits1[0].'/'.$bits1[2] . " ".$bits[1]. " ".$bits[2];
-	return $curdate;
-}
-function wp_get_timezone_string() {
- 
-    // if site timezone string exists, return it
-    if ( $timezone = get_option( 'timezone_string' ) )
-        return $timezone;
- 
-    // get UTC offset, if it isn't set then return UTC
-    if ( 0 === ( $utc_offset = get_option( 'gmt_offset', 0 ) ) )
-        return 'UTC';
- 
-    // adjust UTC offset from hours to seconds
-    $utc_offset *= 3600;
- 
-    // attempt to guess the timezone string from the UTC offset
-    if ( $timezone = timezone_name_from_abbr( '', $utc_offset, 0 ) ) {
-        return $timezone;
-    }
- 
-    // last try, guess timezone string manually
-    $is_dst = date( 'I' );
- 
-    foreach ( timezone_abbreviations_list() as $abbr ) {
-        foreach ( $abbr as $city ) {
-            if ( $city['dst'] == $is_dst && $city['offset'] == $utc_offset )
-                return $city['timezone_id'];
-        }
-    }
-     
-    // fallback to UTC
-    return 'UTC';
-}
-
-
+<?php++function CNPCF_getImageTextButton($guid,$cnptyp,$cnptxt)+{+global $wpdb; 	+global $cnp_table_name;+global $cnp_formtable_name;+global $cnprtrnstr;++$cnpGetImagesql = $wpdb->prepare(+    "SELECT * FROM $cnp_table_name WHERE cnpform_groupname = %s AND cnpform_ptype = %s",+    $guid,+    $cnptxt+);+++$cnpimgresult = $wpdb->get_results($cnpGetImagesql);++if (!empty($cnpimgresult)) {+    foreach ($cnpimgresult as $cnpimgresultsarr) { +     +        switch ($cnptxt) {+            case 'text':+            case 'button':+                $cnprtrnstr = $cnpimgresultsarr->cnpform_text;+                break;+            case 'image':+                $cnprtrnstr = $cnpimgresultsarr->cnpform_img;+                break;+            default:+                $cnprtrnstr = null; +        }+    }+}++return $cnprtrnstr;+
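Review bot: in the added `CNPCF_getImageTextButton`, the result variable `$cnprtrnstr` is declared `global` and only assigned inside the `foreach`, so when the prepared query returns no rows the function returns whatever an earlier call left in that global rather than null; initialise it locally (`$cnprtrnstr = null;`) before the query and drop the `global`. The `$cnptyp` parameter is unused while `$cnptxt` serves both as the `cnpform_ptype` filter and as the `switch` subject, which looks like a mix-up worth confirming. The removed `CNPCF_getchannelsofGroup`, `CNPCF_getCNPAccountDetails`, `CNPCF_getAccountNumbersInfo` and `CNPCF_getchnlAccountNumbersInfo` built their `WHERE` clauses by concatenating `$groupname`, `$cnpfrndlynm` and `$cnpeditid`; their replacements are not visible in this hunk, so confirm each was moved to `$wpdb->prepare()`, with `%d` for the numeric id parameters.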
AI Analysis
Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Functions/functionscnp.php Lines 1-961 (old) vs Lines 1-1403 (new)  
Old Code:  
```php
$cnpGetImagesql = "SELECT * FROM " . $cnp_table_name . " WHERE cnpform_groupname='" . $guid . "' and cnpform_ptype ='" . $cnptxt . "'";
```  
Fixed Code:  
```php
$cnpGetImagesql = $wpdb->prepare(
    "SELECT * FROM $cnp_table_name WHERE cnpform_groupname = %s AND cnpform_ptype = %s",
    $guid,
    $cnptxt
);
```  
Explanation:  
The old code directly concatenates user-supplied variables `$guid` and `$cnptxt` into SQL queries without sanitization, making it vulnerable to SQL injection. The fixed code uses WordPress's `$wpdb->prepare()` with parameterized queries (`%s` placeholders) to properly escape and neutralize special elements, preventing SQL injection attacks. This pattern is applied consistently throughout the diff to multiple SQL queries.
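As an added illustration (not the plugin's code), the following Python heuristic flags `$wpdb` calls whose query string was built by concatenation or interpolation instead of `$wpdb->prepare()`. The PHP fragments are constructed from the page's before/after snippets, table-name globals are assumed trusted, and the statement splitter assumes no `;` inside string literals.

```python
import re

# Constructed PHP fragments modelled on the page's before/after snippets (shortened; not the
# plugin's actual file): two concatenated queries, one prepared query, one static query.
SAMPLE_PHP = r'''
$scnpSQL    = "SELECT *  FROM ".$cnp_settingtable_name ." WHERE cnpstngs_ID ='".$cnpfrndlynm."'";
$cnpresults = $wpdb->get_results($scnpSQL);
$cnpGetImagesql = $wpdb->prepare(
    "SELECT * FROM $cnp_table_name WHERE cnpform_groupname = %s AND cnpform_ptype = %s",
    $guid,
    $cnptxt
);
$cnpimgresult = $wpdb->get_results($cnpGetImagesql);
$scnpSQL    = "SELECT *  FROM ".$cnp_table_name ." WHERE cnpform_cnpstngs_ID=".$cnpeditid;
$cnpresults = $wpdb->get_results($scnpSQL);
$countSQL = "SELECT *  FROM ".$cnp_settingtable_name;
$cnpresults = $wpdb->get_results($countSQL);
'''

# One PHP statement per match; assumes no ';' inside string literals (true for these queries).
STMT_RE = re.compile(r'(.*?);\s*\n', re.S)
ASSIGN_RE = re.compile(r'^\$(\w+)\s*=\s*(.*)$', re.S)
# $wpdb methods that execute a query string handed over in a variable.
SINK_RE = re.compile(r'\$wpdb->(get_results|get_var|get_row|get_col|query)\(\s*\$(\w+)\s*\)')
VAR_RE = re.compile(r'\$(\w+)')


def classify_sql_expr(expr):
    """Return (verdict, tainted_vars) for the PHP expression that produced a query string."""
    if not expr:
        return 'unknown', []
    if '$wpdb->prepare(' in expr:
        return 'prepared', []
    # Table-name globals are assumed trusted; any other variable in the string is dynamic.
    dynamic = sorted({v for v in VAR_RE.findall(expr)
                      if v != 'wpdb' and not v.endswith('table_name')})
    if dynamic:
        return 'unprepared', dynamic
    return 'static', []


def audit_wpdb_queries(php_source):
    """Walk statements in order, remember the last expression assigned to each variable,
    and classify every $wpdb sink by how its query variable was built."""
    last_expr = {}
    findings = []
    for stmt in STMT_RE.finditer(php_source):
        body = stmt.group(1)
        sink = SINK_RE.search(body)
        if sink:
            line = php_source.count('\n', 0, stmt.start() + sink.start()) + 1
            sql_var = sink.group(2)
            verdict, tainted = classify_sql_expr(last_expr.get(sql_var, ''))
            findings.append({'line': line, 'method': sink.group(1),
                             'sql_var': sql_var, 'verdict': verdict,
                             'tainted_vars': tainted})
            continue
        assign = ASSIGN_RE.match(body.strip())
        if assign:
            last_expr[assign.group(1)] = assign.group(2)
    return findings


if __name__ == '__main__':
    for f in audit_wpdb_queries(SAMPLE_PHP):
        flag = 'FLAG' if f['verdict'] == 'unprepared' else 'ok  '
        print(f"{flag} line {f['line']}: $wpdb->{f['method']}(${f['sql_var']}) "
              f"{f['verdict']} {f['tainted_vars']}")
```

The two `$scnpSQL` queries are flagged with their tainted variables, the `$wpdb->prepare()` query passes, and the table-only `$countSQL` is reported as static.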

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-434: Unrestricted Upload of File with Dangerous Type - Functions/functionscnp.php Lines 1-961 (old) vs Lines 1-1403 (new)  
Old Code:  
```php
if(is_uploaded_file($_FILES['txtpopupimg']['tmp_name'])) {     
    //checks size of uploaded image on server side
    if( $_FILES['txtpopupimg']['size'] < $maxsize) {    
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        //checks whether uploaded file is of image type
        if(strpos(finfo_file($finfo, $_FILES['txtpopupimg']['tmp_name']),"image")===0)
        {    
            // prepare the image for insertion
            $imgData =addslashes (file_get_contents($_FILES['txtpopupimg']['tmp_name']));
        }
        else
        {  
            $msg="<p>Uploaded file is not an image.</p>";
        }
    }
```  
Fixed Code:  
```php
if (is_uploaded_file($_FILES['txtpopupimg']['tmp_name'])) {
    //checks size of uploaded image on server side
    if ($_FILES['txtpopupimg']['size'] < $maxsize) {
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        //checks whether uploaded file is of image type
        $mime_type = finfo_file($finfo, $_FILES['txtpopupimg']['tmp_name']);
        if (strpos($mime_type, "image") === 0) {
            // prepare the image for insertion
            $imgData = addslashes(file_get_contents($_FILES['txtpopupimg']['tmp_name']));
        } else {
            $msg = "<p>Uploaded file is not an image.</p>";
        }
    }
```  
Explanation:  
The old code's `strpos(finfo_file(...), "image") === 0` test is a correct MIME-type check, but the file content is then stored directly after `addslashes()`. The fixed code only assigns the detected MIME type to a `$mime_type` variable before the comparison; the file handling itself is unchanged. The vulnerability therefore persists: any file whose detected type begins with `image` is accepted, including SVG documents that can carry JavaScript, and `addslashes()` is not a safe way to prepare binary data for a query. The fix does not fully address the unrestricted-upload risk.
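The accept-anything-`image/*` problem described above, as an added Python model (not the plugin's code): `sniff_mime` is a magic-byte stand-in for PHP's `finfo_file`, `plugin_prefix_check` mirrors the plugin's `strpos(..., "image") === 0` test, and `allowlist_check` is the stricter form that only admits specific raster types. All sample bytes are constructed.

```python
# Constructed stand-ins for uploaded file contents (not real uploads, no payloads).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 16
SVG_SAMPLE = (b'<?xml version="1.0"?>\n'
              b'<svg xmlns="http://www.w3.org/2000/svg">'
              b'<script>/* constructed placeholder */</script></svg>')
PHP_SAMPLE = b"<?php echo 'not an image'; ?>"

# Exact raster allowlist: SVG is text that may embed script, so it is deliberately absent.
RASTER_ALLOWLIST = {"image/png", "image/jpeg", "image/gif"}
MAX_SIZE = 512 * 1024  # stand-in for the plugin's $maxsize (assumed value)


def sniff_mime(data):
    """Magic-byte stand-in for finfo_file(FILEINFO_MIME_TYPE); libmagic labels SVG the same way."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    if data.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "image/gif"
    head = data.lstrip()[:512].lower()
    if head.startswith(b"<svg") or (head.startswith(b"<?xml") and b"<svg" in head):
        return "image/svg+xml"
    return "application/octet-stream"


def plugin_prefix_check(data, size):
    """Mirrors the page's check: size < $maxsize and the MIME type starts with 'image'."""
    return size < MAX_SIZE and sniff_mime(data).startswith("image")


def allowlist_check(data, size):
    """Hardened form: same size limit, but the detected type must be in the raster allowlist.
    Returns (accepted, reason_or_mime)."""
    if size >= MAX_SIZE:
        return False, "too large"
    mime = sniff_mime(data)
    if mime not in RASTER_ALLOWLIST:
        return False, "type %s not allowed" % mime
    return True, mime


if __name__ == "__main__":
    for name, blob in (("png", PNG_SAMPLE), ("jpeg", JPEG_SAMPLE),
                       ("svg", SVG_SAMPLE), ("php", PHP_SAMPLE)):
        print(name, "prefix-check:", plugin_prefix_check(blob, len(blob)),
              "allowlist:", allowlist_check(blob, len(blob)))
```

The SVG sample passes the plugin's prefix test (its type is `image/svg+xml`) but is rejected by the allowlist, while PNG and JPEG pass both.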

---

Vulnerability Existed: yes  
FALSE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - Functions/functionscnp.php Lines 1-961 (old) vs Lines 1-1403 (new)  
Old Code:  
```php
$sSQL = "INSERT INTO " . $cnp_table_name . "(cnpform_groupname, cnpform_cnpstngs_ID, cnpform_type, cnpform_ptype, cnpform_text, cnpform_img, cnpform_shortcode, cnpform_Form_StartDate, cnpform_Form_EndDate, cnpform_status, cnpform_custommsg, cnpform_Date_Created, cnpform_Date_Modified)
         values('$forminfo[txtcnpfrmgrp]', '$cnpsettingid[2]', '$forminfo[lstfrmtyp]', '$forminfo[lstpopuptyp]', '$forminfo[txtpopuptxt]', '{$imgData}', '$frmcode',
                '$frmgrpstartdt1', '$frmgrpenddt1', $active, '$forminfo[txterrortxt]',
                '$current_time', '$current_time')";
```  
Fixed Code:  
```php
$sSQL = $wpdb->prepare(
    "INSERT INTO $cnp_table_name (cnpform_groupname, cnpform_cnpstngs_ID, cnpform_type, cnpform_ptype, cnpform_text, cnpform_img, cnpform_shortcode, cnpform_Form_StartDate, cnpform_Form_EndDate, cnpform_status, cnpform_custommsg, cnpform_Date_Created, cnpform_Date_Modified) VALUES (%s, %d, %s, %s, %s, %s, %s, %s, %s, %d, %s, %s, %s)",
    $forminfo['txtcnpfrmgrp'],
    $cnpsettingid[2],
    $forminfo['lstfrmtyp'],
    $forminfo['lstpopuptyp'],
    $forminfo['txtpopuptxt'],
    $imgData,
    $frmcode,
    $frmgrpstartdt1,
    $frmgrpenddt1,
    $active,
    $forminfo['txterrortxt'],
    $current_time,
    $current_time
);
```  
Explanation:  
The old code directly inserts user-controlled data (like `$forminfo['txterrortxt']`) into the database without sanitization, which could lead to stored XSS if the data is later output without escaping. The fixed code uses parameterized queries via `$wpdb->prepare()`, which prevents SQL injection but doesn't inherently protect against XSS. However, by properly escaping database input, it reduces the risk of malicious script storage. Output escaping would still be needed when displaying this data.

---

Vulnerability Existed: not sure  
CWE-352: Cross-Site Request Forgery (CSRF) - Functions/functionscnp.php Lines 1-961 (old) vs Lines 1-1403 (new)  
Old Code:  
```php
function CNPCF_addNewForms($tblname,$forminfo)
{ 
    global $wpdb; global $cnp_table_name; global $cnp_formtable_name;
    $count = sizeof($forminfo);
    
    if($count  > 0)
    {
        if( $forminfo['lstaccntfrndlynam'] !="")
        {
            // ... form processing without CSRF checks
        }
    }
}
```  
Fixed Code:  
The diff doesn't show explicit CSRF protection (like nonce verification) being added to form handling functions.  
Explanation:  
The code changes focus on SQL injection fixes but don't appear to add CSRF tokens or nonce verification for form submissions. Since the diff is partial, I cannot confirm if CSRF protection was added elsewhere. The vulnerability may still exist because administrative actions (like adding/updating forms) could be forged without proper CSRF safeguards.
CVE Analysis Results:
CVE-2025-32550: Yes
View CVE Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Pledge Connect Plugin: from 2.24080000 through WP6.6.1.
[CVE-2025-32550] [Click & Pledge CONNECT: 2.24080000-WP6.6.1→2.24120000-WP6.7.1] clickandpledge_form.php AI: 7 vulnerabilities 1 false positive, 6 true positives CVE-2025-32550
--- cache/click-pledge-connect_2.24080000-WP6.6.1/clickandpledge_form.php	2025-12-04 14:06:23.600345305 +0000+++ cache/click-pledge-connect_2.24120000-WP6.7.1/clickandpledge_form.php	2025-12-04 14:06:27.808615423 +0000@@ -3,12 +3,11 @@ Plugin Name: Click & Pledge Connect Plugin URI: https://manual.clickandpledge.com/ Description: The Click & Pledge CONNECT plugin provides a flexible and easy to add process for adding CONNECT forms to any WordPress template.-Version: 2.24080000-WP6.6.1+Version: 2.24120000-WP6.7.1 Author: Click & Pledge Author URI: https://www.clickandpledge.com */ - error_reporting(E_ALL); global 	$cnp_table_name; global  $wpdb;@@ -36,7 +35,7 @@ 	if ( ! function_exists( 'get_plugins' ) ) {     require_once ABSPATH . 'wp-admin/includes/plugin.php'; }-$wpcnp_version = '2.24080000-WP6.6.1';+$wpcnp_version = '2.24120000-WP6.7.1'; $all_plugins = get_plugins();  foreach ( array_keys( $all_plugins ) as $plugin_candidate ) { 
@@ -101,110 +100,131 @@   /* When plugin is deactivation*/-register_deactivation_hook( __FILE__, 'Remove_CNP'); +register_deactivation_hook(__FILE__, function() {+    // No specific logic here.+});  function cnpconnectplugin_update_db_check() {-	global $wpdb; global $cnp_channelgrptable_name;global $cnp_channeltable_name;global $cnp_formtable_name;global $cnp_table_name;    global $cnp_settingtable_name;-		$check_column = (array) $wpdb->get_results("SELECT count(COLUMN_NAME) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA=DATABASE() AND TABLE_NAME = '$cnp_formtable_name' AND COLUMN_NAME = 'cnpform_urlparameters'")[0];+    global $wpdb;+    global $cnp_channelgrptable_name, $cnp_channeltable_name, $cnp_formtable_name, $cnp_table_name, $cnp_settingtable_name; -		$table_name = $cnp_formtable_name;-		 $check_column = (int) array_shift($check_column);-		 if($check_column == 0) {-		 $wpdb->query(-			"ALTER TABLE $table_name-			   ADD COLUMN `cnpform_urlparameters` TEXT NOT NULL-			  ");-		  }-     if($wpdb->get_var("SHOW TABLES LIKE '".$cnp_channelgrptable_name."'") != $cnp_channelgrptable_name) {-      $sql = "CREATE TABLE $cnp_channelgrptable_name (-					  cnpchannelgrp_ID int(9) NOT NULL AUTO_INCREMENT,-					  cnpchannelgrp_groupname varchar(250) NOT NULL,-					  cnpchannelgrp_cnpstngs_ID int(15) NOT NULL,-					  cnpchannelgrp_shortcode text,-					  cnpchannelgrp_custommsg varchar(250) NOT NULL,-					  cnpchannelgrp_channel_StartDate datetime NOT NULL,-					  cnpchannelgrp_channel_EndDate datetime NOT NULL,-					  cnpchannelgrp_status char(1) DEFAULT 'a',-					  cnpchannelgrp_Date_Created datetime NOT NULL DEFAULT '0000-00-00 00:00:00',-					  cnpchannelgrp_Date_Modified datetime NOT NULL DEFAULT '0000-00-00 00:00:00',-					  PRIMARY KEY  (cnpchannelgrp_ID),-					  KEY cnpfrm_id (cnpchannelgrp_ID)) ENGINE=InnoDB DEFAULT CHARSET=utf8;";-	-   	require_once(ABSPATH . 
'wp-admin/includes/upgrade.php');-   	dbDelta($sql); +  +    $check_column = $wpdb->get_var(+        $wpdb->prepare(+            "SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = %s AND COLUMN_NAME = %s",+            $cnp_formtable_name,+            'cnpform_urlparameters'+        )+    );++    if ((int) $check_column === 0) {+        $wpdb->query(+            "ALTER TABLE $cnp_formtable_name ADD COLUMN `cnpform_urlparameters` TEXT NOT NULL"+        );     }-	 if($wpdb->get_var("SHOW TABLES LIKE '".$cnp_channeltable_name."'") != $cnp_channeltable_name) {-		 $sql = "CREATE TABLE $cnp_channeltable_name (-			  cnpchannel_id int(15) NOT NULL AUTO_INCREMENT,-			  cnpchannel_cnpchannelgrp_ID int(15) NOT NULL,-			  cnpchannel_channelName varchar(250) NOT NULL,-			  cnpchannel_channelStartDate datetime NOT NULL,-			  cnpchannel_channelEndDate datetime NOT NULL,-			  cnpchannel_channelStatus char(1) NOT NULL DEFAULT 'a',-			  cnpchannel_DateCreated datetime NOT NULL DEFAULT '0000-00-00 00:00:00',-			  cnpchannel_DateModified datetime NOT NULL DEFAULT '0000-00-00 00:00:00',-			  PRIMARY KEY  (cnpchannel_id),KEY cnpfrm_id (cnpchannel_id)) ENGINE=InnoDB DEFAULT CHARSET=latin1;";--   	require_once(ABSPATH . 
'wp-admin/includes/upgrade.php');-   	dbDelta($sql);-	 }-	 if($wpdb->get_var("SHOW TABLES LIKE '".$cnp_formtable_name."'") != $cnp_formtable_name) {-		$sql = "CREATE TABLE $cnp_formtable_name (-			cnpform_id int(15) NOT NULL AUTO_INCREMENT,-			cnpform_cnpform_ID int(15) NOT NULL,-			cnpform_CampaignName varchar(250) NOT NULL,-			cnpform_FormName varchar(250) NOT NULL,-			cnpform_GUID varchar(250) NOT NULL,-			cnpform_FormStartDate datetime NOT NULL,-			cnpform_FormEndDate datetime NOT NULL,-			cnpform_FormStatus char(1) NOT NULL DEFAULT 'a',-			cnpform_DateCreated datetime NOT NULL DEFAULT '0000-00-00 00:00:00',-			cnpform_DateModified datetime NOT NULL DEFAULT '0000-00-00 00:00:00',-			PRIMARY KEY  (cnpform_id),KEY cnpfrm_id (cnpform_id)) ENGINE=InnoDB DEFAULT CHARSET=latin1;"; -	 require_once(ABSPATH . 'wp-admin/includes/upgrade.php');-	 dbDelta($sql);-	}-	if($wpdb->get_var("SHOW TABLES LIKE '".$cnp_table_name."'") != $cnp_table_name) {-		$sql = "CREATE TABLE $cnp_table_name (-			cnpform_ID int(9) NOT NULL AUTO_INCREMENT,-			cnpform_groupname varchar(250) NOT NULL,-			cnpform_cnpstngs_ID int(15) NOT NULL,-			cnpform_AccountNumber varchar(250) NOT NULL,-			cnpform_guid text NOT NULL,-			cnpform_type text NOT NULL,-			cnpform_ptype text NOT NULL,-			cnpform_text varchar(250) NOT NULL,-			cnpform_img blob NOT NULL,-			cnpform_shortcode text,-			cnpform_custommsg varchar(250) NOT NULL,-			cnpform_Form_StartDate datetime NOT NULL,-			cnpform_Form_EndDate datetime NOT NULL,-			cnpform_status char(1) DEFAULT 'a',-			cnpform_Date_Created datetime NOT NULL DEFAULT '0000-00-00 00:00:00',-			cnpform_Date_Modified datetime NOT NULL DEFAULT '0000-00-00 00:00:00',-			PRIMARY KEY  (cnpform_ID),-			KEY cnpfrm_id (cnpform_ID)) ENGINE=InnoDB DEFAULT CHARSET=utf8;";+  +    if ($wpdb->get_var("SHOW TABLES LIKE '{$cnp_channelgrptable_name}'") != $cnp_channelgrptable_name) {+        $sql = "CREATE TABLE $cnp_channelgrptable_name (+            cnpchannelgrp_ID INT(9) NOT NULL 
AUTO_INCREMENT,+            cnpchannelgrp_groupname VARCHAR(250) NOT NULL,+            cnpchannelgrp_cnpstngs_ID INT(15) NOT NULL,+            cnpchannelgrp_shortcode TEXT,+            cnpchannelgrp_custommsg VARCHAR(250) NOT NULL,+            cnpchannelgrp_channel_StartDate DATETIME NOT NULL,+            cnpchannelgrp_channel_EndDate DATETIME NOT NULL,+            cnpchannelgrp_status CHAR(1) DEFAULT 'a',+            cnpchannelgrp_Date_Created DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',+            cnpchannelgrp_Date_Modified DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',+            PRIMARY KEY (cnpchannelgrp_ID),+            KEY cnpfrm_id (cnpchannelgrp_ID)+        ) ENGINE=InnoDB DEFAULT CHARSET=utf8;";+        require_once ABSPATH . 'wp-admin/includes/upgrade.php';+        dbDelta($sql);+    } -require_once(ABSPATH . 'wp-admin/includes/upgrade.php');-dbDelta($sql);-	}-	if($wpdb->get_var("SHOW TABLES LIKE '".$cnp_settingtable_name."'") != $cnp_settingtable_name) {-		$sql = "CREATE TABLE $cnp_settingtable_name (-			cnpstngs_ID int(9) NOT NULL AUTO_INCREMENT,-			cnpstngs_frndlyname varchar(250) NOT NULL,-			cnpstngs_AccountNumber varchar(250) NOT NULL,-			cnpstngs_guid text NOT NULL,-			cnpstngs_status char(1) DEFAULT 'a',-			cnpstngs_Date_Created datetime NOT NULL DEFAULT '0000-00-00 00:00:00',-			cnpstngs_Date_Modified datetime NOT NULL DEFAULT '0000-00-00 00:00:00',-			PRIMARY KEY  (cnpstngs_ID),-			KEY cnpstngs_id (cnpstngs_ID)) ENGINE=InnoDB DEFAULT CHARSET=utf8;";+  +    if ($wpdb->get_var("SHOW TABLES LIKE '{$cnp_channeltable_name}'") != $cnp_channeltable_name) {+        $sql = "CREATE TABLE $cnp_channeltable_name (+            cnpchannel_id INT(15) NOT NULL AUTO_INCREMENT,+            cnpchannel_cnpchannelgrp_ID INT(15) NOT NULL,+            cnpchannel_channelName VARCHAR(250) NOT NULL,+            cnpchannel_channelStartDate DATETIME NOT NULL,+            cnpchannel_channelEndDate DATETIME NOT NULL,+            cnpchannel_channelStatus CHAR(1) NOT 
NULL DEFAULT 'a',+            cnpchannel_DateCreated DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',+            cnpchannel_DateModified DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',+            PRIMARY KEY (cnpchannel_id),+            KEY cnpfrm_id (cnpchannel_id)+        ) ENGINE=InnoDB DEFAULT CHARSET=utf8;";+        require_once ABSPATH . 'wp-admin/includes/upgrade.php';+        dbDelta($sql);+    } -		require_once(ABSPATH . 'wp-admin/includes/upgrade.php');-		dbDelta($sql);-	}+   +    if ($wpdb->get_var("SHOW TABLES LIKE '{$cnp_formtable_name}'") != $cnp_formtable_name) {+        $sql = "CREATE TABLE $cnp_formtable_name (+            cnpform_id INT(15) NOT NULL AUTO_INCREMENT,+            cnpform_cnpform_ID INT(15) NOT NULL,+            cnpform_CampaignName VARCHAR(250) NOT NULL,+            cnpform_FormName VARCHAR(250) NOT NULL,+            cnpform_GUID VARCHAR(250) NOT NULL,+            cnpform_FormStartDate DATETIME NOT NULL,+            cnpform_FormEndDate DATETIME NOT NULL,+            cnpform_FormStatus CHAR(1) NOT NULL DEFAULT 'a',+            cnpform_DateCreated DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',+            cnpform_DateModified DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',+            PRIMARY KEY (cnpform_id),+            KEY cnpfrm_id (cnpform_id)+        ) ENGINE=InnoDB DEFAULT CHARSET=utf8;";+        require_once ABSPATH . 
'wp-admin/includes/upgrade.php';+        dbDelta($sql);+    }++   +    if ($wpdb->get_var("SHOW TABLES LIKE '{$cnp_table_name}'") != $cnp_table_name) {+        $sql = "CREATE TABLE $cnp_table_name (+            cnpform_ID INT(9) NOT NULL AUTO_INCREMENT,+            cnpform_groupname VARCHAR(250) NOT NULL,+            cnpform_cnpstngs_ID INT(15) NOT NULL,+            cnpform_AccountNumber VARCHAR(250) NOT NULL,+            cnpform_guid TEXT NOT NULL,+            cnpform_type TEXT NOT NULL,+            cnpform_ptype TEXT NOT NULL,+            cnpform_text VARCHAR(250) NOT NULL,+            cnpform_img BLOB NOT NULL,+            cnpform_shortcode TEXT,+            cnpform_custommsg VARCHAR(250) NOT NULL,+            cnpform_Form_StartDate DATETIME NOT NULL,+            cnpform_Form_EndDate DATETIME NOT NULL,+            cnpform_status CHAR(1) DEFAULT 'a',+            cnpform_Date_Created DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',+            cnpform_Date_Modified DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',+            PRIMARY KEY (cnpform_ID),+            KEY cnpfrm_id (cnpform_ID)+        ) ENGINE=InnoDB DEFAULT CHARSET=utf8;";+        require_once ABSPATH . 'wp-admin/includes/upgrade.php';+        dbDelta($sql);+    }++   +    if ($wpdb->get_var("SHOW TABLES LIKE '{$cnp_settingtable_name}'") != $cnp_settingtable_name) {+        $sql = "CREATE TABLE $cnp_settingtable_name (+            cnpstngs_ID INT(9) NOT NULL AUTO_INCREMENT,+            cnpstngs_frndlyname VARCHAR(250) NOT NULL,+            cnpstngs_AccountNumber VARCHAR(250) NOT NULL,+            cnpstngs_guid TEXT NOT NULL,+            cnpstngs_status CHAR(1) DEFAULT 'a',+            cnpstngs_Date_Created DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',+            cnpstngs_Date_Modified DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',+            PRIMARY KEY (cnpstngs_ID),+            KEY cnpstngs_id (cnpstngs_ID)+        ) ENGINE=InnoDB DEFAULT CHARSET=utf8;";+        require_once ABSPATH . 
'wp-admin/includes/upgrade.php';+        dbDelta($sql);+    } }+ add_action( 'plugins_loaded', 'cnpconnectplugin_update_db_check' );  /* Creates the admin menu for the  plugin */@@ -224,43 +244,74 @@ 	 } function cnp_getCnPUserChannelList($cnpacid) {-		$cnpcnntaccountid = explode("~",$_POST['cnpacid']);-	    $cnpcntaccountid  = $cnpcnntaccountid[0];-		$cnpaccountGUID   = $cnpcnntaccountid[1];-		$cnpUID = "14059359-D8E8-41C3-B628-E7E030537905";-		$cnpKey = "5DC1B75A-7EFA-4C01-BDCD-E02C536313A3";-		$connect  = array('soap_version' => SOAP_1_1, 'trace' => 1, 'exceptions' => 0);-	    $client   = new SoapClient(CNP_CF_PLUGIN_PATH.'Auth2.wsdl', $connect);-	-		if( isset($cnpcntaccountid) && $cnpcntaccountid !="" && isset($cnpaccountGUID) &&  $cnpaccountGUID !="")-		{ -			$xmlr  = new SimpleXMLElement("<GetPledgeTVChannelList></GetPledgeTVChannelList>");-			$cnpsel ="";-			$xmlr->addChild('accountId', $cnpcntaccountid);-			$xmlr->addChild('AccountGUID', $cnpaccountGUID);-			$xmlr->addChild('username', $cnpUID);-			$xmlr->addChild('password', $cnpKey);-			$response = $client->GetPledgeTVChannelList($xmlr);-	-			$responsearr =  $response->GetPledgeTVChannelListResult->PledgeTVChannel; 	-			$cnptblresltdsply .= '';-			-			if(count($responsearr)>1){-			for($inc = 0 ; $inc < count($responsearr);$inc++)-			{-				- 				$cnptblresltdsply .= '<tr><td>'.$responsearr[$inc]->ChannelURLID.'</td><td>'.$responsearr[$inc]->ChannelName.'</td><td>'.$responsearr[$inc]->CreatedDate.'</td><td>[CnP.pledgeTV '.$responsearr[$inc]->ChannelURLID.']</td></tr>';-			}-			 }-			else if(count($responsearr)==1){-				$cnptblresltdsply .= '<tr><td>'.$responsearr->ChannelURLID.'</td><td>'.$responsearr->ChannelName.'</td><td>'.$responsearr->CreatedDate.'</td><td>[CnP.pledgeTV '.$responsearr->ChannelURLID.']</td></tr>';-			}-				}-		-		echo $cnptblresltdsply;-		-	  die();+if (isset($_POST['cnpacid'])) {+    $cnpcnntaccountid = explode("~", sanitize_text_field($_POST['cnpacid']));+    +    if 
(count($cnpcnntaccountid) === 2) {+        $cnpcntaccountid = $cnpcnntaccountid[0];+        $cnpaccountGUID = $cnpcnntaccountid[1];+    } else {+        die('Invalid input format.');+    }++    $cnpUID = "14059359-D8E8-41C3-B628-E7E030537905";+    $cnpKey = "5DC1B75A-7EFA-4C01-BDCD-E02C536313A3";+    $connect = array('soap_version' => SOAP_1_1, 'trace' => 1, 'exceptions' => true);++    try {+      +        $client = new SoapClient(CNP_CF_PLUGIN_PATH . 'Auth2.wsdl', $connect);++        if (!empty($cnpcntaccountid) && !empty($cnpaccountGUID)) {+          +            $xmlr = new SimpleXMLElement("<GetPledgeTVChannelList></GetPledgeTVChannelList>");+            $xmlr->addChild('accountId', htmlspecialchars($cnpcntaccountid));+            $xmlr->addChild('AccountGUID', htmlspecialchars($cnpaccountGUID));+            $xmlr->addChild('username', htmlspecialchars($cnpUID));+            $xmlr->addChild('password', htmlspecialchars($cnpKey));++            $response = $client->GetPledgeTVChannelList($xmlr);++            if (isset($response->GetPledgeTVChannelListResult->PledgeTVChannel)) {+                $responsearr = $response->GetPledgeTVChannelListResult->PledgeTVChannel;++                $cnptblresltdsply = '';++                if (is_array($responsearr)) {+                    foreach ($responsearr as $channel) {+                        $cnptblresltdsply .= '<tr>+                            <td>' . htmlspecialchars($channel->ChannelURLID) . '</td>+                            <td>' . htmlspecialchars($channel->ChannelName) . '</td>+                            <td>' . htmlspecialchars($channel->CreatedDate) . '</td>+                            <td>[CnP.pledgeTV ' . htmlspecialchars($channel->ChannelURLID) . ']</td>+                        </tr>';+                    }+                } else { +                    $cnptblresltdsply .= '<tr>+                        <td>' . htmlspecialchars($responsearr->ChannelURLID) . '</td>+                        <td>' . 
htmlspecialchars($responsearr->ChannelName) . '</td>+                        <td>' . htmlspecialchars($responsearr->CreatedDate) . '</td>+                        <td>[CnP.pledgeTV ' . htmlspecialchars($responsearr->ChannelURLID) . ']</td>+                    </tr>';+                }+                +                echo $cnptblresltdsply;+            } else {+                echo '<tr><td colspan="4">No channels found.</td></tr>';+            }+        }+    } catch (Exception $e) {+        // Log error and output a friendly error message+        error_log('SOAP Error: ' . $e->getMessage());+        echo '<tr><td colspan="4">An error occurred while fetching data. Please try again later.</td></tr>';+    }+} else {+    echo '<tr><td colspan="4">Invalid request.</td></tr>';+}++die();+ 	} /* Admin Page setup */ function CNP_Plugin_Menu() {@@ -414,51 +465,79 @@ require(dirname(__FILE__) . '/channelAdd.php'); require(dirname(__FILE__) . '/ChannelDetails.php'); function CNPCF_friendlyname() {-global $wpdb;	global $cnp_settingtable_name;-$scnpSQL = "SELECT * FROM ".$cnp_settingtable_name." where cnpstngs_frndlyname ='".$_POST['param']."'";-$cnpresults  = $wpdb->get_results($scnpSQL);-$cnpformrows = $wpdb->num_rows;-if($cnpformrows > 0)-{-	echo "Friendly Name already exist.";-	wp_die();+global $wpdb, $cnp_settingtable_name;++$param = sanitize_text_field($_POST['param']);++$scnpSQL = $wpdb->prepare(+    "SELECT * FROM {$cnp_settingtable_name} WHERE cnpstngs_frndlyname = %s",+    $param+);++$cnpresults = $wpdb->get_results($scnpSQL);+$cnpformrows = count($cnpresults);++if ($cnpformrows > 0) {+    echo "Friendly Name already exists.";+    wp_die(); } + } function CNPCF_cnpchnlgroupname() { global $wpdb;	global $cnp_channelgrptable_name;-	 				$scnpSQL = "SELECT * FROM ".$cnp_channelgrptable_name." 
where cnpchannelgrp_groupname = '".$_POST['param']."'";-						$cnpresults  = $wpdb->get_results($scnpSQL);-					 	$cnpformrows = $wpdb->num_rows;-						if($cnpformrows > 0)-						{-							echo "Channel group name already exist.";-							wp_die();-						}++$param = sanitize_text_field($_POST['param']);++$scnpSQL = $wpdb->prepare(+    "SELECT * FROM {$cnp_channelgrptable_name} WHERE cnpchannelgrp_groupname = %s",+    $param+);+$cnpresults = $wpdb->get_results($scnpSQL);+$cnpformrows = count($cnpresults);++if ($cnpformrows > 0) {+    echo "Channel group name already exists.";+    wp_die();+}+  } function CNPCF_cnpgroupname() {-global $wpdb;	global $cnp_table_name;-	 				$scnpSQL = "SELECT * FROM ".$cnp_table_name." where cnpform_groupname = '".$_POST['param']."'";-						$cnpresults  = $wpdb->get_results($scnpSQL);-					 	$cnpformrows = $wpdb->num_rows;-						if($cnpformrows > 0)-						{-							echo "Form group name already exist.";-							wp_die();-						}+global $wpdb, $cnp_table_name;++$param = sanitize_text_field($_POST['param']);++$scnpSQL = $wpdb->prepare(+    "SELECT * FROM {$cnp_table_name} WHERE cnpform_groupname = %s",+    $param+);+$cnpresults = $wpdb->get_results($scnpSQL);+$cnpformrows = count($cnpresults);++if ($cnpformrows > 0) {+    echo "Form group name already exists.";+    wp_die();+}  } function CNPCF_cnpaccountid() {-global $wpdb;	global $cnp_settingtable_name;-	 				$scnpSQL = "SELECT * FROM ".$cnp_settingtable_name." 
where cnpstngs_AccountNumber = '".$_POST['param']."'";-						$cnpresults  = $wpdb->get_results($scnpSQL);-					 	$cnpformrows = $wpdb->num_rows;-						if($cnpformrows > 0)-						{-							echo "Account already exist.";-							wp_die();-						}+global $wpdb, $cnp_settingtable_name;++$param = sanitize_text_field($_POST['param']);++$scnpSQL = $wpdb->prepare(+    "SELECT * FROM {$cnp_settingtable_name} WHERE cnpstngs_AccountNumber = %s",+    $param+);++$cnpresults = $wpdb->get_results($scnpSQL);+$cnpformrows = count($cnpresults);++if ($cnpformrows > 0) {+    echo "Account already exists.";+    wp_die();+}  } add_action('wp_ajax_CNPCF_friendlyname', 'CNPCF_friendlyname');@@ -477,193 +556,193 @@ 	wp_localize_script( 'ajax-js', 'ajax_params', array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ) ); } add_action( 'wp_enqueue_scripts', 'load_jquery' );-function isexistpledgetvchannel($cnpaccid, $cnpaccguid,$channelid)+function isexistpledgetvchannel($cnpaccid, $cnpaccguid, $channelid) {-	    $cnpcntaccountid  = $cnpaccid;-		$cnpaccountGUID   = $cnpaccguid;-		$cnpUID = "14059359-D8E8-41C3-B628-E7E030537905";-		$cnpKey = "5DC1B75A-7EFA-4C01-BDCD-E02C536313A3";-		$connect  = array('soap_version' => SOAP_1_1, 'trace' => 1, 'exceptions' => 0);-	    $client   = new SoapClient(CNP_CF_PLUGIN_PATH.'Auth2.wsdl', $connect);-	-		if( isset($cnpcntaccountid) && $cnpcntaccountid !="" && isset($cnpaccountGUID) &&  $cnpaccountGUID !="")-		{ -			$xmlr  = new SimpleXMLElement("<GetPledgeTVChannelList></GetPledgeTVChannelList>");-			$cnpsel ="";-			$xmlr->addChild('accountId', $cnpcntaccountid);-			$xmlr->addChild('AccountGUID', $cnpaccountGUID);-			$xmlr->addChild('username', $cnpUID);-			$xmlr->addChild('password', $cnpKey);-			$response = $client->GetPledgeTVChannelList($xmlr);-			//print_r($response);-			$responsearr =  $response->GetPledgeTVChannelListResult->PledgeTVChannel;-			$cnptblresltdsply .= '';-			$channelfound = "no";-			if(count($responsearr)>1){-			for($inc = 0 ; $inc < 
count($responsearr);$inc++)-			{-				-				if($channelid == $responsearr[$inc]->ChannelURLID){-					$channelfound = "yes~".$responsearr[$inc]->ChannelName;-				}-			}-			}-			else{ -				if($channelid == $responsearr->ChannelURLID){-					$channelfound = "yes~".$responsearr->ChannelName;-				}-			}-		}-return $channelfound;-}-function cnpform_GetShortCode($frmid){--	global $wpdb;-	global $cnp_table_name;-	global $rtrnstr;--	$chkshortcodexit = CNPCF_isExistShortcode($frmid[0]);--	if($chkshortcodexit)-	{-		add_action('wp_footer', 'cnphook_js');-		 $cnpgrpnm= str_replace('-', ' ', $frmid[0]);-		 $formid  = CNPCF_getformsofGroup($cnpgrpnm);-		 $formtyp = CNPCF_getFormType($cnpgrpnm);--		if(count($formid) >=1){-		$rtrnstrarr ="";-		for($frminc=0;$frminc <	 count($formid);$frminc++)-		{--    	$attrs = array( 'data-guid' => $formid[$frminc]) ;-		$attrs_string = '';-		if(!empty( $attrs ) ) {--			foreach ( $attrs as $key => $value ) {-				$attrs_string .= "$key='" . esc_attr( $value ) . "' ";-			}-			$attrs = ltrim( $attrs_string );+    $cnpUID = "14059359-D8E8-41C3-B628-E7E030537905";+    $cnpKey = "5DC1B75A-7EFA-4C01-BDCD-E02C536313A3";+    $connect = ['soap_version' => SOAP_1_1, 'trace' => 1, 'exceptions' => 0];++    try {+       +        $wsdlPath = CNP_CF_PLUGIN_PATH . 
'Auth2.wsdl';+        if (!file_exists($wsdlPath)) {+            throw new Exception("WSDL file not found: $wsdlPath");+        }++      +        $client = new SoapClient($wsdlPath, $connect);++        if (!empty($cnpaccid) && !empty($cnpaccguid)) {+           +            $xmlRequest = new SimpleXMLElement("<GetPledgeTVChannelList></GetPledgeTVChannelList>");+            $xmlRequest->addChild('accountId', $cnpaccid);+            $xmlRequest->addChild('AccountGUID', $cnpaccguid);+            $xmlRequest->addChild('username', $cnpUID);+            $xmlRequest->addChild('password', $cnpKey);++            +            $response = $client->GetPledgeTVChannelList($xmlRequest);++          +            $channels = $response->GetPledgeTVChannelListResult->PledgeTVChannel ?? null;+            $channelFound = "no";++            if ($channels) {+               +                if (is_array($channels)) {+                    foreach ($channels as $channel) {+                        if ($channelid == $channel->ChannelURLID) {+                            $channelFound = "yes~" . $channel->ChannelName;+                            break;+                        }+                    }+                }+               +                elseif ($channelid == $channels->ChannelURLID) {+                    $channelFound = "yes~" . $channels->ChannelName;+                }+            }+        }+    } catch (Exception $e) {+      +        error_log("SOAP Error: " . $e->getMessage());+        return "An error occurred. Please try again later.";+    } -	  	 }-		$cnpshortcodearray = explode("--",$formtyp);-//" . $attrs . 
"-		if($cnpshortcodearray[0] == 'inline')-		{-		 $rtrnstrarr ='<div class="CnP_inlineform" '.$attrs.'></div>';	-		-		-		}-		else if($cnpshortcodearray[0] == 'popup')-		{-			-			if($cnpshortcodearray[1] == 'text')-			{-				$cnpGetImagesql = $cnpshortcodearray[2];-				$rtrnstrarr.= '<a  class="CnP_formlink" data-guid="'.$formid[$frminc].'">'.$cnpGetImagesql.'</a>';-			}-			else if($cnpshortcodearray[1] == 'button')-			{-				-				$cnpGetbuttontext = $cnpshortcodearray[2];-				-				//$rtrnstrarr.= '<p><input class="CnP_formlink" type="button" value="'.$cnpGetbuttontext.'" data-guid="'.$formid[$frminc].'" /></p>';-			$cnpcurdatetim = date("hisYmd");-				//$rtrnstrarr.= '<p><button class="CnP_formlink" type="button" data-guid="'.$formid[$frminc].'" >'.$cnpGetbuttontext.'</button></p>';-			-				$rtrnstrarr.= '<div class="wp-block-buttons">-				<div class="wp-block-button"><a href="javascript:void(0);" class="wp-block-button__link CnP_formlink" data-guid="'.$formid[$frminc] ."". $cnpcurdatetim.'"  style="cursor: pointer;">'.$cnpGetbuttontext.'</a></div>-				</div>';-				+    return $channelFound;+} -			}-			else if($cnpshortcodearray[1] == 'image')-			{-			 $cnpGetImage = $cnpshortcodearray[3];-			 $rtrnstrarr.= '<img class="CnP_formlink " src="data:image/jpeg;base64,'.base64_encode($cnpGetImage).'" data-guid="'.$formid[$frminc].'" style="cursor: pointer;">';-			}-		}-		-			}-	return $rtrnstrarr;-			}else{-			 $rtrnstr = CNPCF_getGroupCustomerrmsg($frmid[0]);-	 return $rtrnstr;+function cnpform_GetShortCode($frmid){ -		}-	}-	else-	{-	 +global $wpdb;+global $cnp_table_name;+global $rtrnstr;+++$chkshortcodexit = CNPCF_isExistShortcode($frmid[0]);++if ($chkshortcodexit) {+ +    add_action('wp_footer', 'cnphook_js');++   +    $cnpgrpnm = str_replace('-', ' ', $frmid[0]);+    $formid = CNPCF_getformsofGroup($cnpgrpnm);+    $formtyp = CNPCF_getFormType($cnpgrpnm);++    if (count($formid) >= 1) {+        $rtrnstrarr = '';++        for ($frminc = 0; $frminc < count($formid); 
$frminc++) {+            $attrs = ['data-guid' => $formid[$frminc]];+            $attrs_string = '';++            foreach ($attrs as $key => $value) {+                $attrs_string .= "$key='" . esc_attr($value) . "' ";+            }+            $attrs_string = ltrim($attrs_string);++            $cnpshortcodearray = explode("--", $formtyp);++            if ($cnpshortcodearray[0] === 'inline') {+                $rtrnstrarr .= '<div class="CnP_inlineform" ' . $attrs_string . '></div>';+            } elseif ($cnpshortcodearray[0] === 'popup') {+                if ($cnpshortcodearray[1] === 'text') {+                    $cnpGetImagesql = $cnpshortcodearray[2];+                    $rtrnstrarr .= '<a class="CnP_formlink" data-guid="' . $formid[$frminc] . '">' . $cnpGetImagesql . '</a>';+                } elseif ($cnpshortcodearray[1] === 'button') {+                    $cnpGetbuttontext = $cnpshortcodearray[2];+                    $cnpcurdatetim = "";++                    $rtrnstrarr .= '<div class="wp-block-buttons">+                        <div class="wp-block-button">+                            <a href="javascript:void(0);" class="wp-block-button__link CnP_formlink" data-guid="' . $formid[$frminc] . $cnpcurdatetim . '" style="cursor: pointer;">' . $cnpGetbuttontext . '</a>+                        </div>+                    </div>';+                } elseif ($cnpshortcodearray[1] === 'image') {+                    $cnpGetImage = $cnpshortcodearray[3];+                    $rtrnstrarr .= '<img class="CnP_formlink" src="data:image/jpeg;base64,' . base64_encode($cnpGetImage) . '" data-guid="' . $formid[$frminc] . 
'" style="cursor: pointer;">';+                }+            }+        }++        return $rtrnstrarr;+    } else {+        $rtrnstr = CNPCF_getGroupCustomerrmsg($frmid[0]);+        return $rtrnstr;+    }+} else {+    $rtrnstr = CNPCF_getGroupCustomerrmsg($frmid[0]);+    return $rtrnstr;+} -	 $rtrnstr =CNPCF_getGroupCustomerrmsg($frmid[0]);-	 return $rtrnstr;-	} } function cnpform_GetPledgeTVChannelsShortCode($chnlid){ -	global $wpdb;-	global $cnp_table_name;-	global $rtrnstr;--	 $chkshortcodexit = CNPCF_isExistchannelShortcode($chnlid[0]);--	if($chkshortcodexit)-	{-		-		 $cnpgrpnm   = str_replace('-', ' ', $chnlid[0]);-		 $channelid  = CNPCF_getchannelsofGroup($cnpgrpnm);-		-		if(count($channelid) >=1){-		$rtrnstrarr ="";-		for($frminc=0;$frminc <	 count($channelid);$frminc++)-		{-			$attrs = array('class' => 'cnp_pledgetv_wrapper', 'data-channel' => $channelid[$frminc],'data-iframe-width'=>'100%','data-iframe-height'=>'315') ;-			$attrs_string = '';-			if(!empty( $attrs ) ) {--				foreach ( $attrs as $key => $value ) {-					$attrs_string .= "$key='" . esc_attr( $value ) . 
"' ";-				}-				$attrs = ltrim( $attrs_string );--	  	 }-		  $tvrtrnstr ="<script>var list = document.getElementsByTagName('script');-				var i = list.length, flag = false;-				while (i--) { -					if (list[i].src === 'https://pledge.tv/library/js/pledgetv.js') {-						flag = true;-						break;-					}-				}--				if (!flag) {-					var tag = document.createElement('script');-					tag.src = 'https://pledge.tv/library/js/pledgetv.js';-					document.getElementsByTagName('body')[0].appendChild(tag);-				}</script>";-			-			}-	 $tvrtrnstr.='<div '.$attrs .'></div>';-	return $tvrtrnstr;-			}else{-			 $rtrnstr = CNPCF_getGroupchnlCustomerrmsg($chnlid[0]);-	 return $rtrnstr;+global $wpdb;+global $cnp_table_name;+global $rtrnstr;++$chkshortcodexit = CNPCF_isExistchannelShortcode($chnlid[0]);++if ($chkshortcodexit) {+    $cnpgrpnm = str_replace('-', ' ', $chnlid[0]);+    $channelid = CNPCF_getchannelsofGroup($cnpgrpnm);++    if (count($channelid) >= 1) {+        $rtrnstrarr = "";++        for ($frminc = 0; $frminc < count($channelid); $frminc++) {+            $attrs = [+                'class' => 'cnp_pledgetv_wrapper',+                'data-channel' => $channelid[$frminc],+                'data-iframe-width' => '100%',+                'data-iframe-height' => '315'+            ];++            $attrs_string = '';+            foreach ($attrs as $key => $value) {+                $attrs_string .= "$key='" . esc_attr($value) . 
"' ";+            }++            $attrs_string = ltrim($attrs_string);++            $tvrtrnstr = "<script>+                var list = document.getElementsByTagName('script');+                var i = list.length, flag = false;+                while (i--) { +                    if (list[i].src === 'https://pledge.tv/library/js/pledgetv.js') {+                        flag = true;+                        break;+                    }+                }++                if (!flag) {+                    var tag = document.createElement('script');+                    tag.src = 'https://pledge.tv/library/js/pledgetv.js';+                    document.getElementsByTagName('body')[0].appendChild(tag);+                }+            </script>";++            $tvrtrnstr .= '<div ' . $attrs_string . '></div>';+        }++        return $tvrtrnstr;+    } else {+        $rtrnstr = CNPCF_getGroupchnlCustomerrmsg($chnlid[0]);+        return $rtrnstr;+    }+} else {+    $rtrnstr = CNPCF_getGroupchnlCustomerrmsg($chnlid[0]);+    return $rtrnstr;+} -		}-	}-	else-	{-	 -	 $rtrnstr =CNPCF_getGroupchnlCustomerrmsg($chnlid[0]);-	 return $rtrnstr;-	} } function cnpform_GetPledgeTVChannelShortCode($chanelid){  	global $wpdb; 	global $cnp_table_name;-	//global $tvrtrnstr;+	  	$attrs = array('class' => 'cnp_pledgetv_wrapper', 'data-channel' => $chanelid[0],'data-iframe-width'=>'100%','data-iframe-height'=>'315') ; 		$attrs_string = '';@@ -727,7 +806,7 @@ 	add_action('admin_footer', 'cnpadddatetimepicker',1000);  	function cnphook_js() {-		echo '<div style="display:none;"><input type="hidden" name="cnpversion" id="cnpversion" value="2.23110000-WP6.4.1" /></div>';+		echo '<div style="display:none;"><input type="hidden" name="cnpversion" id="cnpversion" value="2.24120000-WP6.7.1" /></div>'; 		?> 			 				<script>
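Review bot: the `$wpdb->prepare()` calls in `CNPCF_cnpgroupname`, `CNPCF_cnpaccountid` and the channel-group lookup bind only the `%s` value; the table name is still interpolated as `{$cnp_table_name}`, `{$cnp_settingtable_name}` and `{$cnp_channelgrptable_name}`, so the fix holds only as long as those globals are set by the plugin itself and never derived from request data. Each handler also reads `$_POST['param']` without an `isset()` guard, and the hunk shows no nonce or capability check before the lookup: `sanitize_text_field()` plus `prepare()` closes the injection but not authorization, so a `check_ajax_referer()` and a `current_user_can()` check belong at the top of each of these `wp_ajax_` handlers.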
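Review bot: `isexistpledgetvchannel()` now returns the string "An error occurred. Please try again later." from the catch block, whereas every other path returns "no" or "yes~<ChannelName>"; a caller that tests `!= "no"` or explodes on `~` will misread the error as a result. Return "no" (or `false`) after the `error_log()` call instead, and note that `$response->GetPledgeTVChannelListResult->PledgeTVChannel ?? null` turns a malformed SOAP response into a silent "no" rather than an error. The hardcoded `$cnpUID`/`$cnpKey` values and the loose `==` comparison against `ChannelURLID` carry over unchanged.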
AI Analysis
Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - clickandpledge_form.php lines 108-112  
Old Code:  
```php
$check_column = (array) $wpdb->get_results("SELECT count(COLUMN_NAME) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA=DATABASE() AND TABLE_NAME = '$cnp_formtable_name' AND COLUMN_NAME = 'cnpform_urlparameters'")[0];
```  
Fixed Code:  
```php
$check_column = $wpdb->get_var(
    $wpdb->prepare(
        "SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = %s AND COLUMN_NAME = %s",
        $cnp_formtable_name,
        'cnpform_urlparameters'
    )
);
```  
Explanation:  
The old code directly concatenated the table name variable `$cnp_formtable_name` into the SQL query without sanitization, making it vulnerable to SQL injection if an attacker could control this variable. The fixed code uses WordPress's `$wpdb->prepare()` with proper placeholders (`%s`) to safely parameterize the query, neutralizing the injection risk.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - clickandpledge_form.php lines 247-249  
Old Code:  
```php
$cnpcnntaccountid = explode("~",$_POST['cnpacid']);
```  
Fixed Code:  
```php
$cnpcnntaccountid = explode("~", sanitize_text_field($_POST['cnpacid']));
```  
Explanation:  
The old code used unsanitized `$_POST['cnpacid']` input, which could allow an attacker to inject malicious scripts if the value is later output to the page. The fixed code applies `sanitize_text_field()` to the input, which removes dangerous characters and helps prevent stored or reflected XSS vulnerabilities.

---

Vulnerability Existed: yes  
FALSE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - clickandpledge_form.php lines 267-271  
Old Code:  
```php
$xmlr->addChild('accountId', $cnpcntaccountid);
$xmlr->addChild('AccountGUID', $cnpaccountGUID);
$xmlr->addChild('username', $cnpUID);
$xmlr->addChild('password', $cnpKey);
```  
Fixed Code:  
```php
$xmlr->addChild('accountId', htmlspecialchars($cnpcntaccountid));
$xmlr->addChild('AccountGUID', htmlspecialchars($cnpaccountGUID));
$xmlr->addChild('username', htmlspecialchars($cnpUID));
$xmlr->addChild('password', htmlspecialchars($cnpKey));
```  
Explanation:  
The old code inserted user-controlled values (`$cnpcntaccountid`, `$cnpaccountGUID`) into XML without escaping, potentially enabling XML injection or XSS if the XML is parsed and rendered. The fixed code uses `htmlspecialchars()` to encode special characters, preventing them from being interpreted as XML markup.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - clickandpledge_form.php lines 469-471  
Old Code:  
```php
$scnpSQL = "SELECT * FROM ".$cnp_settingtable_name." where cnpstngs_frndlyname ='".$_POST['param']."'";
```  
Fixed Code:  
```php
$scnpSQL = $wpdb->prepare(
    "SELECT * FROM {$cnp_settingtable_name} WHERE cnpstngs_frndlyname = %s",
    $param
);
```  
Explanation:  
The old code directly embedded unsanitized `$_POST['param']` into an SQL query, creating a classic SQL injection vector. The fixed code uses `$wpdb->prepare()` with a placeholder to safely bind the sanitized parameter (`$param`), eliminating the injection risk.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - clickandpledge_form.php lines 489-491  
Old Code:  
```php
$scnpSQL = "SELECT * FROM ".$cnp_channelgrptable_name." where cnpchannelgrp_groupname = '".$_POST['param']."'";
```  
Fixed Code:  
```php
$scnpSQL = $wpdb->prepare(
    "SELECT * FROM {$cnp_channelgrptable_name} WHERE cnpchannelgrp_groupname = %s",
    $param
);
```  
Explanation:  
Similar to the previous vulnerability, unsanitized `$_POST['param']` was concatenated into an SQL query. The fix uses prepared statements with `$wpdb->prepare()` to securely incorporate the sanitized input.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - clickandpledge_form.php lines 511-513  
Old Code:  
```php
$scnpSQL = "SELECT * FROM ".$cnp_table_name." where cnpform_groupname = '".$_POST['param']."'";
```  
Fixed Code:  
```php
$scnpSQL = $wpdb->prepare(
    "SELECT * FROM {$cnp_table_name} WHERE cnpform_groupname = %s",
    $param
);
```  
Explanation:  
Another SQL injection vulnerability from unsanitized POST input concatenation. The fix replaces it with a prepared statement using `$wpdb->prepare()`.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - clickandpledge_form.php lines 531-533  
Old Code:  
```php
$scnpSQL = "SELECT * FROM ".$cnp_settingtable_name." where cnpstngs_AccountNumber = '".$_POST['param']."'";
```  
Fixed Code:  
```php
$scnpSQL = $wpdb->prepare(
    "SELECT * FROM {$cnp_settingtable_name} WHERE cnpstngs_AccountNumber = %s",
    $param
);
```  
Explanation:  
Same pattern: unsanitized POST input in SQL query. Fixed by using `$wpdb->prepare()` with parameter binding.
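The five findings above share one fix, so a single added example serves all of them. It is not code from the Click & Pledge plugin or from WordPress: PDO with an in-memory SQLite database stands in for `$wpdb`, the table and column names are assumptions chosen to mirror the findings, and the sample rows are constructed. It shows the concatenated lookup and the bound-parameter lookup side by side on an ordinary value that contains a quote, and it makes explicit the part `%s` cannot cover, namely that the table name still lands in the SQL text and must come from the plugin's own configuration.

```php
<?php
// Added example, not code from the Click & Pledge plugin or from WordPress.
// PDO with an in-memory SQLite database stands in for $wpdb; the table and
// column names are assumptions chosen to mirror the findings above.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample rows; the second group name contains an apostrophe.
$pdo->exec('CREATE TABLE wp_cnp_forms (cnpform_ID INTEGER PRIMARY KEY, cnpform_groupname TEXT NOT NULL)');
$pdo->exec("INSERT INTO wp_cnp_forms (cnpform_groupname) VALUES ('Spring Gala'), ('O''Brien Fund')");

// Placeholders bind values only. A table name still lands in the SQL text
// (as {$cnp_table_name} does inside $wpdb->prepare() above), so it must come
// from the plugin's own configuration, never from the request; this allow-list
// makes that explicit.
const KNOWN_TABLES = ['wp_cnp_forms' => true];

function knownTable(string $table): string
{
    if (!array_key_exists($table, KNOWN_TABLES)) {
        throw new InvalidArgumentException("Unknown table: $table");
    }
    return $table;
}

// The pre-fix pattern: the request value is spliced into the query text.
function groupExistsConcatenated(PDO $pdo, string $table, string $param): int
{
    $sql = 'SELECT COUNT(*) FROM ' . knownTable($table)
         . " WHERE cnpform_groupname = '" . $param . "'";
    return (int) $pdo->query($sql)->fetchColumn();
}

// The fixed pattern: the value is bound to a placeholder, the PDO equivalent of
// $wpdb->prepare("... WHERE cnpform_groupname = %s", $param).
function groupExistsPrepared(PDO $pdo, string $table, string $param): int
{
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM ' . knownTable($table)
                        . ' WHERE cnpform_groupname = ?');
    $stmt->execute([$param]);
    return (int) $stmt->fetchColumn();
}

$param = "O'Brien Fund"; // an ordinary value that happens to contain a quote

try {
    printf("concatenated: %d row(s)\n", groupExistsConcatenated($pdo, 'wp_cnp_forms', $param));
} catch (PDOException $e) {
    // The quote ends the string literal early and the statement no longer
    // parses. The same splice is what lets a crafted value rewrite the query.
    printf("concatenated: statement rejected by the database (%s)\n", $e->getMessage());
}

printf("prepared: %d row(s)\n", groupExistsPrepared($pdo, 'wp_cnp_forms', $param));
printf("prepared, unknown name: %d row(s)\n", groupExistsPrepared($pdo, 'wp_cnp_forms', 'Nope'));
```

Run it with `php example.php` on a build that has the `pdo_sqlite` extension. The concatenated lookup fails on the legitimate apostrophe, which is the benign face of the same defect the findings describe, while the prepared lookup returns 1 for the existing name and 0 for an unknown one. The `knownTable()` allow-list is the reviewer's check for the part of each `prepare()` call that remains string interpolation.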

---

Vulnerability Existed: not sure  
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor - clickandpledge_form.php lines 255-257  
Old Code:  
```php
$cnpUID = "14059359-D8E8-41C3-B628-E7E030537905";
$cnpKey = "5DC1B75A-7EFA-4C01-BDCD-E02C536313A3";
```  
Fixed Code:  
```php
$cnpUID = "14059359-D8E8-41C3-B628-E7E030537905";
$cnpKey = "5DC1B75A-7EFA-4C01-BDCD-E02C536313A3";
```  
Explanation:  
The credentials remain hardcoded in both versions, which is a security risk (CWE-798). However, since they are unchanged in the diff, it's unclear if this was intentionally addressed. The diff shows improved error handling (adding try-catch and error logging) but doesn't remove the hardcoded credentials, so the exposure risk persists.
CVE Analysis Results:
CVE-2025-32550: Yes
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Pledge Connect Plugin: from 2.24080000 through WP6.6.1.
[CVE-2025-32550] [Click & Pledge CONNECT: 2.24080000-WP6.6.1→2.24120000-WP6.7.1] cnpChannelsDetails.php AI: 5 vulnerabilities 2 false positives, 3 true positives CVE-2025-32550
--- cache/click-pledge-connect_2.24080000-WP6.6.1/cnpChannelsDetails.php	2025-12-04 14:06:23.600345305 +0000+++ cache/click-pledge-connect_2.24120000-WP6.7.1/cnpChannelsDetails.php	2025-12-04 14:06:27.808615423 +0000@@ -1,130 +1,164 @@-<?php
-function cnp_pledgetvchannelsdetails() {
-
-	global $wpdb;    global $cnp_settingtable_name;global $cnp_table_name;
-	$info          = $_REQUEST["info"];
-    $cnpresltdsply = "";
-	if($info=="saved")
-	{
-		echo "<div class='updated' id='message'><p><strong>Form Added</strong>.</p></div>";
-	}
-	if($info=="failed")
-	{
-		echo "<div class='updated' id='message'><p><strong>Already Existed</strong>.</p></div>";
-	}
-	if($info=="upd")
-	{
-		echo "<div class='updated' id='message'><p><strong>Form updated</strong>.</p></div>";
-	}
-	if($info=="sts")
-	{
-		echo "<div class='updated' id='message'><p><strong>Status updated</strong>.</p></div>";
-	}
-	if($info=="del")
-	{
-		$delid=$_GET["did"];
-		$wpdb->query("delete from ".$cnp_table_name." where cnpform_ID =".$delid);
-		echo "<div class='updated' id='message'><p><strong>Record Deleted.</strong>.</p></div>";
-	}
-	if(isset($_GET['cnpsts']) && $_GET['cnpsts']  !="")
-	{	
-		$cnpstsrtnval = CNPCF_updateCnPstatus($cnp_table_name,'cnpform_status','cnpform_ID',$_GET['cnpviewid'],$_GET['cnpsts']);
-		if($cnpstsrtnval == true){$cnpredirectval = "sts";}else{$cnpredirectval = "stsfail";}
-		wp_redirect("admin.php?page=cnp_formsdetails&info=".$cnpredirectval);
-		exit;
-	}
-
-?>
-<script type="text/javascript">
-	/* <![CDATA[ */
-	jQuery(document).ready(function(){
-	
-	cnpchannelslist();
-	jQuery('#cnpaccntid').change(function() {
-	 
-		var oTable = jQuery('#cnpformslist').dataTable(); 	
-		oTable.fnClearTable();
-		oTable.fnDraw();
-		oTable.fnDestroy();
-		cnpchannelslist(); 
-		
-	});	
-	
-	});
-	
-	function cnpchannelslist()
-	{ 
-		
-		var  cnpconnectaccountid= jQuery('#cnpaccntid').val().trim();
-	
-			 jQuery.ajax({
-				  type: "POST", 
-				  url: ajaxurl ,
-			      serverSide: true, 
-				  data: {
-						'action':'getCnPUserChannelList',
-					  	'cnpacid':cnpconnectaccountid,
-						},
-				  cache: false,
-				  beforeSend: function() {
-				  jQuery("#dvldimg").show();
-				  jQuery('#cnpaccntid').attr("disabled", true); 
-				  
-
-					},
-					complete: function() {
-					
-					},	
-				  success: function(htmlText) {	
-					 jQuery('#cnpaccntid').attr("disabled", false); 
-					 jQuery("#dvldimg").hide();  
-				
-					
-					  var body = htmlText;	  
-					 jQuery("#cnpformslist tbody").html("");     
-							if(htmlText != "")
-							{
-						
-							  jQuery( "#cnpformslist tbody" ).append(body);
-						    }else{
-	
-}
-						 jQuery( "#cnpformslist" ).DataTable();
-						 jQuery("#cnpformslist tr:even").css("background-color", "#f1f1f1");								   
-						  },
-				  error: function(xhr, ajaxOptions, thrownError) {
-					alert(thrownError + "\r\n" + xhr.statusText + "\r\n" + xhr.responseText);
-				  }
-				});
-		 
-	}
-	/* ]]> */
-
-</script>
-<style >
-table#cnpformslist tr.even {
-  background-color: #f1f1f1;
-}
-</style>
-<?php
-		$cnpresltdsply = '<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"><div class="wrap">
-			              <h2>Channels &nbsp;&nbsp;&nbsp;</h2>';
-	     $cnpresltdsply  .= '<p><select name="cnpaccntid" id="cnpaccntid">';
-	 	 $sql          = "select cnpstngs_AccountNumber,cnpstngs_frndlyname,cnpstngs_ID,cnpstngs_guid from ".$cnp_settingtable_name." where cnpstngs_status =1 order by cnpstngs_AccountNumber ASC";
-		 $result       = $wpdb->get_results($sql);
-		 if($wpdb->num_rows > 0 )
-		 {
-			foreach($result as $cnpformData):
-			 $cnpdlctid=$cnpformData->cnpstngs_AccountNumber."~".$cnpformData->cnpstngs_guid;
-				$cnpresltdsply .= '<option value="'.$cnpdlctid.'" >'.$cnpformData->cnpstngs_frndlyname.' ( '.$cnpformData->cnpstngs_AccountNumber.')</option>';		  
-						
-			endforeach; 
-		 } $cnpimgurl = plugins_url(CFCNP_PLUGIN_NAME."/images/ajax-loader_trans.gif");
-		  $cnpresltdsply .= ' </select><img id="dvldimg" src="'.$cnpimgurl.'" alt="Loading" class="cnp_loadertv" /></p><table class="wp-list-table widefat  " id="cnpformslist" ><thead><tr><th><u>Channel</u></th><th><u>Channel Name</u></th><th><u>Created Date</u></th><th><u>Short Code&nbsp;<a class="tooltip" ><i class="fa fa-question-circle"></i><span class="tooltiptext">Please copy this code and place it in your required content pages, posts or any custom content types.</span></a></u></th></tr></thead><tbody>';
-	     
-		
-		//$cnpresltdsply .= '<tr><td colspan=10>No Record Found!</td><tr>';
-		$cnpresltdsply .= '</tbody></table></div>';
-		echo $cnpresltdsply;
-}
+<?php+function cnp_pledgetvchannelsdetails() {++	global $wpdb;    global $cnp_settingtable_name;global $cnp_table_name;+	$info          = $_REQUEST["info"];+    $cnpresltdsply = "";+	if($info=="saved")+	{+		echo "<div class='updated' id='message'><p><strong>Form Added</strong>.</p></div>";+	}+	if($info=="failed")+	{+		echo "<div class='updated' id='message'><p><strong>Already Existed</strong>.</p></div>";+	}+	if($info=="upd")+	{+		echo "<div class='updated' id='message'><p><strong>Form updated</strong>.</p></div>";+	}+	if($info=="sts")+	{+		echo "<div class='updated' id='message'><p><strong>Status updated</strong>.</p></div>";+	}+	if ($info === "del") {+    $delid = isset($_GET['did']) ? intval($_GET['did']) : 0; +    if ($delid > 0) {+        $deleted = $wpdb->delete(+            $cnp_table_name, +            ['cnpform_ID' => $delid],+            ['%d'] +        );++        if ($deleted) {+            echo "<div class='updated' id='message'><p><strong>Record Deleted.</strong></p></div>";+        } else {+            echo "<div class='error' id='message'><p><strong>Error deleting the record.</strong></p></div>";+        }+    }+}++if (isset($_GET['cnpsts']) && $_GET['cnpsts'] !== "") {+    $cnpviewid = isset($_GET['cnpviewid']) ? intval($_GET['cnpviewid']) : 0; +    $cnpsts = sanitize_text_field(wp_unslash($_GET['cnpsts'])); ++    if ($cnpviewid > 0) {+        $cnpstsrtnval = CNPCF_updateCnPstatus($cnp_table_name, 'cnpform_status', 'cnpform_ID', $cnpviewid, $cnpsts);++        $cnpredirectval = $cnpstsrtnval ? "sts" : "stsfail";++        wp_redirect(admin_url("admin.php?page=cnp_formsdetails&info=" . 
$cnpredirectval));+        exit;+    }+}+++?>+<script type="text/javascript">+	/* <![CDATA[ */+	jQuery(document).ready(function(){+	+	cnpchannelslist();+	jQuery('#cnpaccntid').change(function() {+	 +		var oTable = jQuery('#cnpformslist').dataTable(); 	+		oTable.fnClearTable();+		oTable.fnDraw();+		oTable.fnDestroy();+		cnpchannelslist(); +		+	});	+	+	});+	+	function cnpchannelslist()+	{ +		+		var  cnpconnectaccountid= jQuery('#cnpaccntid').val().trim();+	+			 jQuery.ajax({+				  type: "POST", +				  url: ajaxurl ,+			      serverSide: true, +				  data: {+						'action':'getCnPUserChannelList',+					  	'cnpacid':cnpconnectaccountid,+						},+				  cache: false,+				  beforeSend: function() {+				  jQuery("#dvldimg").show();+				  jQuery('#cnpaccntid').attr("disabled", true); +				  ++					},+					complete: function() {+					+					},	+				  success: function(htmlText) {	+					 jQuery('#cnpaccntid').attr("disabled", false); +					 jQuery("#dvldimg").hide();  +				+					+					  var body = htmlText;	  +					 jQuery("#cnpformslist tbody").html("");     +							if(htmlText != "")+							{+						+							  jQuery( "#cnpformslist tbody" ).append(body);+						    }else{+	+}+						 jQuery( "#cnpformslist" ).DataTable();+						 jQuery("#cnpformslist tr:even").css("background-color", "#f1f1f1");								   +						  },+				  error: function(xhr, ajaxOptions, thrownError) {+					alert(thrownError + "\r\n" + xhr.statusText + "\r\n" + xhr.responseText);+				  }+				});+		 +	}+	/* ]]> */++</script>+<style >+table#cnpformslist tr.even {+  background-color: #f1f1f1;+}+</style>+<?php+		$cnpresltdsply = '<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"><div class="wrap">+              <h2>Channels &nbsp;&nbsp;&nbsp;</h2>';++$cnpresltdsply .= '<p><select name="cnpaccntid" id="cnpaccntid">';+$sql = $wpdb->prepare(+    "SELECT cnpstngs_AccountNumber, cnpstngs_frndlyname, cnpstngs_ID, cnpstngs_guid FROM $cnp_settingtable_name 
WHERE cnpstngs_status = %d ORDER BY cnpstngs_AccountNumber ASC",+    1 +);++$result = $wpdb->get_results($sql);+if ($result) {+    foreach ($result as $cnpformData) {+        $cnpdlctid = esc_attr($cnpformData->cnpstngs_AccountNumber . "~" . $cnpformData->cnpstngs_guid);+        $cnpresltdsply .= '<option value="' . $cnpdlctid . '">' . esc_html($cnpformData->cnpstngs_frndlyname) . ' (' . esc_html($cnpformData->cnpstngs_AccountNumber) . ')</option>';+    }+}++$cnpimgurl = esc_url(plugins_url(CFCNP_PLUGIN_NAME . "/images/ajax-loader_trans.gif"));+$cnpresltdsply .= ' </select><img id="dvldimg" src="' . $cnpimgurl . '" alt="Loading" class="cnp_loadertv" /></p>';++$cnpresltdsply .= '<table class="wp-list-table widefat" id="cnpformslist">+        <thead>+            <tr>+                <th><u>Channel</u></th>+                <th><u>Channel Name</u></th>+                <th><u>Created Date</u></th>+                <th><u>Short Code&nbsp;<a class="tooltip"><i class="fa fa-question-circle"></i><span class="tooltiptext">Please copy this code and place it in your required content pages, posts or any custom content types.</span></a></u></th>+            </tr>+        </thead>+        <tbody>';+++$cnpresltdsply .= '</tbody></table></div>';+echo $cnpresltdsply;++} ?>\ No newline at end of file
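Review bot: the `del` branch still runs `$wpdb->delete()` on a plain GET request (`admin.php?...&info=del&did=N`) and the hunk shows no nonce or capability check around it, so `intval()` closes the injection but a forged link can still delete a record on a logged-in administrator's behalf; guard it with `check_admin_referer()` and `current_user_can()` and build the link with `wp_nonce_url()`. `$info = $_REQUEST["info"]` is also still read without `isset()`, and the AJAX `error:` handler continues to `alert()` the raw `xhr.responseText`, which puts server error output in a dialog.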
AI Analysis
Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - cnpChannelsDetails.php lines 24, 38-39  
Old Code:  
```php
$delid=$_GET["did"];
$wpdb->query("delete from ".$cnp_table_name." where cnpform_ID =".$delid);
```  
Fixed Code:  
```php
$delid = isset($_GET['did']) ? intval($_GET['did']) : 0; 
if ($delid > 0) {
    $deleted = $wpdb->delete(
        $cnp_table_name, 
        ['cnpform_ID' => $delid],
        ['%d'] 
    );
```  
Explanation:  
The old code directly concatenated user input (`$_GET["did"]`) into an SQL query without validation or sanitization, making it vulnerable to SQL injection. The fixed code uses `intval()` to ensure the value is an integer and leverages WordPress's `$wpdb->delete()` method with prepared statement placeholders (`%d`), which properly neutralizes the input.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - cnpChannelsDetails.php lines 130-132  
Old Code:  
```php
$cnpdlctid=$cnpformData->cnpstngs_AccountNumber."~".$cnpformData->cnpstngs_guid;
$cnpresltdsply .= '<option value="'.$cnpdlctid.'" >'.$cnpformData->cnpstngs_frndlyname.' ( '.$cnpformData->cnpstngs_AccountNumber.')</option>';
```  
Fixed Code:  
```php
$cnpdlctid = esc_attr($cnpformData->cnpstngs_AccountNumber . "~" . $cnpformData->cnpstngs_guid);
$cnpresltdsply .= '<option value="' . $cnpdlctid . '">' . esc_html($cnpformData->cnpstngs_frndlyname) . ' (' . esc_html($cnpformData->cnpstngs_AccountNumber) . ')</option>';
```  
Explanation:  
The old code directly output database values into HTML without escaping, risking XSS if malicious data is stored in the database. The fixed code uses `esc_attr()` for the option value attribute and `esc_html()` for the displayed text, neutralizing any HTML special characters.
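An added example for the escaping fix above. It is not code from the plugin or from WordPress core: it rebuilds the account `<select>` markup from constructed rows, once the way the old `cnpChannelsDetails.php` did and once with output escaping, and adds the check a reviewer would run over the result. Outside WordPress `esc_attr()` and `esc_html()` are unavailable, so `htmlspecialchars()` with `ENT_QUOTES` stands in for both (an assumption: the property that matters here is that `&`, `<`, `>`, `"` and `'` are all encoded).

```php
<?php
// Added example, not code from the plugin or from WordPress core. Rebuilds the
// account <select> from constructed rows, first unescaped as the old code did,
// then with output escaping. htmlspecialchars() with ENT_QUOTES stands in for
// esc_attr()/esc_html() (assumption: encoding &, <, >, " and ' is what matters).
declare(strict_types=1);

function escAttrLocal(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function escHtmlLocal(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed rows shaped like the cnpstngs_* columns. The second friendly name
// is legitimate text that nonetheless carries a double quote and angle brackets.
$rows = [
    (object) ['cnpstngs_AccountNumber' => '10001', 'cnpstngs_guid' => 'a1b2', 'cnpstngs_frndlyname' => 'Main Account'],
    (object) ['cnpstngs_AccountNumber' => '10002', 'cnpstngs_guid' => 'c3d4', 'cnpstngs_frndlyname' => 'Smith & Sons "Annual" <Gala>'],
];

// Pre-fix rendering: database values go straight into attribute and text context.
function renderUnescaped(array $rows): string
{
    $html = '<select name="cnpaccntid" id="cnpaccntid">';
    foreach ($rows as $r) {
        $value = $r->cnpstngs_AccountNumber . '~' . $r->cnpstngs_guid;
        $html .= '<option value="' . $value . '" >' . $r->cnpstngs_frndlyname
               . ' ( ' . $r->cnpstngs_AccountNumber . ')</option>';
    }
    return $html . '</select>';
}

// Fixed rendering: esc_attr() for the attribute value, esc_html() for text nodes.
function renderEscaped(array $rows): string
{
    $html = '<select name="cnpaccntid" id="cnpaccntid">';
    foreach ($rows as $r) {
        $value = escAttrLocal($r->cnpstngs_AccountNumber . '~' . $r->cnpstngs_guid);
        $html .= '<option value="' . $value . '">' . escHtmlLocal($r->cnpstngs_frndlyname)
               . ' (' . escHtmlLocal($r->cnpstngs_AccountNumber) . ')</option>';
    }
    return $html . '</select>';
}

// Review check: after escaping, every '<' in the output must begin one of the
// tags written by this code; any other '<' came from data and would be parsed as markup.
function hasStrayMarkup(string $html): bool
{
    return (bool) preg_match('#<(?!/?(?:option|select)\b)#', $html);
}

$before = renderUnescaped($rows);
$after  = renderEscaped($rows);

echo $before, "\n"; // contains a raw <Gala> element and a quote that ends the attribute early
echo $after, "\n";  // the same text is displayed, but as &lt;Gala&gt; and &quot;Annual&quot;
printf("stray markup before: %s, after: %s\n",
    hasStrayMarkup($before) ? 'yes' : 'no',
    hasStrayMarkup($after) ? 'yes' : 'no');
```

The point of `hasStrayMarkup()` is that it tests the rendered string rather than the input: the second row is ordinary data, not an attack, yet in the unescaped output it closes the `value` attribute early and introduces an element the template never wrote. The escaped output displays the same characters with the page structure intact.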

Vulnerability Existed: yes  
FALSE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - cnpChannelsDetails.php lines 124-125  
Old Code:  
```php
$sql          = "select cnpstngs_AccountNumber,cnpstngs_frndlyname,cnpstngs_ID,cnpstngs_guid from ".$cnp_settingtable_name." where cnpstngs_status =1 order by cnpstngs_AccountNumber ASC";
$result       = $wpdb->get_results($sql);
```  
Fixed Code:  
```php
$sql = $wpdb->prepare(
    "SELECT cnpstngs_AccountNumber, cnpstngs_frndlyname, cnpstngs_ID, cnpstngs_guid FROM $cnp_settingtable_name WHERE cnpstngs_status = %d ORDER BY cnpstngs_AccountNumber ASC",
    1 
);
$result = $wpdb->get_results($sql);
```  
Explanation:  
The old code used a hardcoded integer in the SQL query, which is generally safe but not consistently parameterized. The fixed code uses `$wpdb->prepare()` with a placeholder (`%d`) for the integer value, adopting a more secure pattern that prevents SQL injection if the query structure becomes dynamic in the future.

Vulnerability Existed: yes  
FALSE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - cnpChannelsDetails.php line 138  
Old Code:  
```php
$cnpimgurl = plugins_url(CFCNP_PLUGIN_NAME."/images/ajax-loader_trans.gif");
$cnpresltdsply .= ' </select><img id="dvldimg" src="'.$cnpimgurl.'" alt="Loading" class="cnp_loadertv" /></p>';
```  
Fixed Code:  
```php
$cnpimgurl = esc_url(plugins_url(CFCNP_PLUGIN_NAME . "/images/ajax-loader_trans.gif"));
$cnpresltdsply .= ' </select><img id="dvldimg" src="' . $cnpimgurl . '" alt="Loading" class="cnp_loadertv" /></p>';
```  
Explanation:  
The old code directly output a URL without escaping. While `plugins_url()` typically returns a safe URL, using `esc_url()` ensures any unexpected characters are neutralized, preventing XSS via malicious URL schemes or characters.

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-20: Improper Input Validation - cnpChannelsDetails.php lines 37-48  
Old Code:  
```php
if(isset($_GET['cnpsts']) && $_GET['cnpsts']  !="")
{	
    $cnpstsrtnval = CNPCF_updateCnPstatus($cnp_table_name,'cnpform_status','cnpform_ID',$_GET['cnpviewid'],$_GET['cnpsts']);
    if($cnpstsrtnval == true){$cnpredirectval = "sts";}else{$cnpredirectval = "stsfail";}
    wp_redirect("admin.php?page=cnp_formsdetails&info=".$cnpredirectval);
    exit;
}
```  
Fixed Code:  
```php
if (isset($_GET['cnpsts']) && $_GET['cnpsts'] !== "") {
    $cnpviewid = isset($_GET['cnpviewid']) ? intval($_GET['cnpviewid']) : 0; 
    $cnpsts = sanitize_text_field(wp_unslash($_GET['cnpsts'])); 

    if ($cnpviewid > 0) {
        $cnpstsrtnval = CNPCF_updateCnPstatus($cnp_table_name, 'cnpform_status', 'cnpform_ID', $cnpviewid, $cnpsts);

        $cnpredirectval = $cnpstsrtnval ? "sts" : "stsfail";

        wp_redirect(admin_url("admin.php?page=cnp_formsdetails&info=" . $cnpredirectval));
        exit;
    }
}
```  
Explanation:  
The old code used `$_GET['cnpviewid']` and `$_GET['cnpsts']` directly without validation. The fixed code validates `cnpviewid` with `intval()` and sanitizes `cnpsts` with `sanitize_text_field()`, preventing type confusion and injection attacks. It also adds a check (`$cnpviewid > 0`) to ensure a valid ID.
CVE Analysis Results:
CVE-2025-32550: Yes
View CVE Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Pledge Connect Plugin: from 2.24080000 through WP6.6.1.
[CVE-2025-32550] [Click & Pledge CONNECT: 2.24080000-WP6.6.1→2.24120000-WP6.7.1] cnpFormDetails.php AI: 4 vulnerabilities 1 false positive, 3 true positives CVE-2025-32550
--- cache/click-pledge-connect_2.24080000-WP6.6.1/cnpFormDetails.php	2025-12-04 14:06:23.600345305 +0000+++ cache/click-pledge-connect_2.24120000-WP6.7.1/cnpFormDetails.php	2025-12-04 14:06:27.808615423 +0000@@ -1,93 +1,151 @@-<?php
-function cnp_formsdetails() {
-
-	global $wpdb;    global $cnp_settingtable_name;global $cnp_table_name;
-	$info          = $_REQUEST["info"];
-    $cnpresltdsply = "";
-	if($info=="saved")
-	{
-		echo "<div class='updated' id='message'><p><strong>Form Added</strong>.</p></div>";
-	}
-	if($info=="failed")
-	{
-		echo "<div class='updated' id='message'><p><strong>Already Existed</strong>.</p></div>";
-	}
-	if($info=="upd")
-	{
-		echo "<div class='updated' id='message'><p><strong>Form updated</strong>.</p></div>";
-	}
-	if($info=="sts")
-	{
-		echo "<div class='updated' id='message'><p><strong>Status updated</strong>.</p></div>";
-	}
-	if($info=="del")
-	{
-		$delid=$_GET["did"];
-		$wpdb->query("delete from ".$cnp_table_name." where cnpform_ID =".$delid);
-		echo "<div class='updated' id='message'><p><strong>Record Deleted.</strong>.</p></div>";
-	}
-	if(isset($_GET['cnpsts']) && $_GET['cnpsts']  !="")
-	{	
-		$cnpstsrtnval = CNPCF_updateCnPstatus($cnp_table_name,'cnpform_status','cnpform_ID',$_GET['cnpviewid'],$_GET['cnpsts']);
-		if($cnpstsrtnval == true){$cnpredirectval = "sts";}else{$cnpredirectval = "stsfail";}
-		wp_redirect("admin.php?page=cnp_formsdetails&info=".$cnpredirectval);
-		exit;
-	}
-
-?>
-<script type="text/javascript">
-	/* <![CDATA[ */
-	jQuery(document).ready(function(){
-		jQuery('#cnpformslist').dataTable();
-		jQuery("tr:even").css("background-color", "#f1f1f1");
-	});
-	/* ]]> */
-
-</script>
-<?php
-		$cnpresltdsply = '<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"><div class="wrap">
-			              <h2>Click & Pledge CONNECT Forms &nbsp;&nbsp;&nbsp;<a class="page-title-action add-new-h2" href="admin.php?page=cnpforms_add&act=add">Add New Form Group</a></h2><p></p>
-			              <div class="cnp_scrollable_x">
-						  <table style="width:99%;" class="wp-list-table widefat cnp_table_w" id="cnpformslist" ><thead><tr><th>Group Name</th><th>Account #</th><th>Type</th><th>Short Code&nbsp;<a class="tooltip" ><i class="fa fa-question-circle"></i><span class="tooltiptext">Please copy this code and place it in your required content pages, posts or any custom content types. This code will run the series of the forms which has been added to this particular Form Group inside your content page.</span></a></th><th>Start Date/Time</th><th>End Date/Time</th><th>Active Form(s)</th><th>Last Modified</th><th>Status</th><th>Actions</th></tr></thead><tbody>';
-
-		  $sql          = "select * from ".$cnp_table_name." join ".$cnp_settingtable_name." on cnpform_cnpstngs_ID= cnpstngs_ID order by cnpform_Date_Modified DESC";
-		 $result       = $wpdb->get_results($sql);
-		 if($wpdb->num_rows > 0 )
-		 {
-			foreach($result as $cnpformData):
-	// <td nowrap><u><a href="admin.php?page=cnpform_add&cnpid='.$id.'"">Edit</a></u></td>
-			    $nwenddt="";
-				$cnpform_id     = $cnpformData->cnpform_ID;
-				$gname             = $cnpformData->cnpform_groupname;
-				$account        = $cnpformData->cnpstngs_AccountNumber;
-				$frmstrtdt      = $cnpformData->cnpform_Form_StartDate;
-				$frmenddt       = $cnpformData->cnpform_Form_EndDate;
-			 	if($frmenddt == "0000-00-00 00:00:00") {$frmenddt ="";}
-		  		$frmtype        = $cnpformData->cnpform_type;
-			 	if($frmtype == "popup"){$frmtype = "Overlay";}
-			    if($frmtype == "inline"){$frmtype = "Inline";}
-		  		$frmshrtcode    = $cnpformData->cnpform_shortcode;
-			  	 $stdate = new DateTime($frmstrtdt);
-			 if($frmenddt!=""){
-				 $eddate = new DateTime($frmenddt);
-				 $nwenddt = $eddate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP);}
-			     $mddate = new DateTime($cnpformData->cnpform_Date_Modified);
-			     $frmmodifiddt    = date_format(date_create($cnpformData->cnpform_Date_Modified),"d-m-Y H:i:s");
-			  	 $frmsts         = CNPCF_getfrmsts($cnp_table_name,'cnpform_status','cnpform_ID',$cnpform_id);
-			 if($frmenddt!=""){
-			    	if(strtotime($frmenddt) < strtotime(CFCNP_PLUGIN_CURRENTTIME)){
-					$frmsts ="Expired";
-					}
-			 }
-				$noofforms      = CNPCF_getCountForms($cnpform_id);
-				$cnpresltdsply .= '<tr><td>'.$gname.'</td><td>'.$account.'</td><td >'.$frmtype.'</td><td>'.$frmshrtcode.'</td><td>'.$stdate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP).'</td><td>'.$nwenddt.'</td><td>'.$noofforms.'</td><td data-sort="'.strtotime($frmmodifiddt).'">'.$mddate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP).'</td>
-								   <td><a href="admin.php?page=cnp_formsdetails&cnpsts='.$frmsts.'&cnpviewid='.$cnpform_id.'"">'.$frmsts.'</a></td>
-								   <td><a href="admin.php?page=cnp_formdetails&cnpviewid='.$cnpform_id.'""><span class="dashicons dashicons-visibility"></span></a> |  <a href="admin.php?page=cnpforms_add&act=edit&cnpviewid='.$cnpform_id.'""><span class="dashicons dashicons-edit"></span></a> |  <a href="admin.php?page=cnp_formsdetails&info=del&did='.$cnpform_id.'" ><span class="dashicons dashicons-trash"></span></a></td></tr>';
-			endforeach; 
-	     } 
-		 else {$cnpresltdsply .= '<tr><td>No Record Found!</td><tr>';}
-		
-		 $cnpresltdsply .= '</tbody></table></div></div>';
-		 echo $cnpresltdsply;
-}
+<?php+function cnp_formsdetails() {++	global $wpdb;    global $cnp_settingtable_name;global $cnp_table_name;+	if (isset($_REQUEST["info"])) {+    $info = sanitize_text_field($_REQUEST["info"]);+}+    $cnpresltdsply = "";+if (isset($info) && $info === "saved") {	+		echo "<div class='updated' id='message'><p><strong>Form Added</strong>.</p></div>";+	}+	if(isset($info) && $info === "failed")+	{+		echo "<div class='updated' id='message'><p><strong>Already Existed</strong>.</p></div>";+	}+	if(isset($info) && $info ==="upd")+	{+		echo "<div class='updated' id='message'><p><strong>Form updated</strong>.</p></div>";+	}+	if(isset($info) && $info ==="sts")+	{+		echo "<div class='updated' id='message'><p><strong>Status updated</strong>.</p></div>";+	}+	if (isset($info) && $info === "del") {+  +    $delid = isset($_GET["did"]) ? absint($_GET["did"]) : 0;++    if ($delid > 0) {+       +        $wpdb->query($wpdb->prepare("DELETE FROM {$cnp_table_name} WHERE cnpform_ID = %d", $delid));+        echo "<div class='updated' id='message'><p><strong>Record Deleted.</strong></p></div>";+    } else {+        echo "<div class='error' id='message'><p><strong>Invalid ID for deletion.</strong></p></div>";+    }+}++if (isset($_GET['cnpsts']) && $_GET['cnpsts'] != "") {+  +    $cnpsts = sanitize_text_field($_GET['cnpsts']);+    $cnpviewid = absint($_GET['cnpviewid']);++    if ($cnpviewid > 0 && !empty($cnpsts)) {+           $cnpstsrtnval = CNPCF_updateCnPstatus($cnp_table_name, 'cnpform_status', 'cnpform_ID', $cnpviewid, $cnpsts);+        if ($cnpstsrtnval === true) {+            $cnpredirectval = "sts";  +        } else {+            $cnpredirectval = "stsfail";  +        }+        wp_redirect("admin.php?page=cnp_formsdetails&info=" . 
$cnpredirectval);+        exit;+    } else {+         wp_redirect("admin.php?page=cnp_formsdetails&info=invalid");+        exit;+    }+}+++?>+<script type="text/javascript">+	/* <![CDATA[ */+	jQuery(document).ready(function(){+		jQuery('#cnpformslist').dataTable();+		jQuery("tr:even").css("background-color", "#f1f1f1");+	});+	/* ]]> */++</script>+<?php+		$cnpresltdsply = '<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"><div class="wrap">+			              <h2>Click & Pledge CONNECT Forms &nbsp;&nbsp;&nbsp;<a class="page-title-action add-new-h2" href="admin.php?page=cnpforms_add&act=add">Add New Form Group</a></h2><p></p>+			              <div class="cnp_scrollable_x">+						  <table style="width:99%;" class="wp-list-table widefat cnp_table_w" id="cnpformslist" ><thead><tr><th>Group Name</th><th>Account #</th><th>Type</th><th>Short Code&nbsp;<a class="tooltip" ><i class="fa fa-question-circle"></i><span class="tooltiptext">Please copy this code and place it in your required content pages, posts or any custom content types. 
This code will run the series of the forms which has been added to this particular Form Group inside your content page.</span></a></th><th>Start Date/Time</th><th>End Date/Time</th><th>Active Form(s)</th><th>Last Modified</th><th>Status</th><th>Actions</th></tr></thead><tbody>';++		++$sql = "SELECT * +        FROM {$cnp_table_name} +        JOIN {$cnp_settingtable_name} +        ON cnpform_cnpstngs_ID = cnpstngs_ID +        ORDER BY cnpform_Date_Modified DESC";++$result = $wpdb->get_results($sql);+if ($wpdb->num_rows > 0) {+    foreach ($result as $cnpformData) {+        $nwenddt = "";+        $cnpform_id = $cnpformData->cnpform_ID;+        $gname = esc_html($cnpformData->cnpform_groupname); +        $account = esc_html($cnpformData->cnpstngs_AccountNumber); +        $frmstrtdt = $cnpformData->cnpform_Form_StartDate;+        $frmenddt = $cnpformData->cnpform_Form_EndDate;+        if ($frmenddt == "0000-00-00 00:00:00") {+            $frmenddt = "";+        }+        $frmtype = $cnpformData->cnpform_type;+        if ($frmtype == "popup") {+            $frmtype = "Overlay";+        }+        if ($frmtype == "inline") {+            $frmtype = "Inline";+        }+        $frmshrtcode = esc_html($cnpformData->cnpform_shortcode); +        $stdate = new DateTime($frmstrtdt);+        if ($frmenddt != "") {+            $eddate = new DateTime($frmenddt);+            $nwenddt = $eddate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP);+        }+        $mddate = new DateTime($cnpformData->cnpform_Date_Modified);+        $frmmodifiddt = date_format(date_create($cnpformData->cnpform_Date_Modified), "d-m-Y H:i:s");++       +        $frmsts = CNPCF_getfrmsts($cnp_table_name, 'cnpform_status', 'cnpform_ID', $cnpform_id);+        if ($frmenddt != "" && strtotime($frmenddt) < strtotime(CFCNP_PLUGIN_CURRENTTIME)) {+            $frmsts = "Expired";+        }++       +        $noofforms = CNPCF_getCountForms($cnpform_id);++      +        $cnpresltdsply .= '<tr>+                           
 <td>' . esc_html($gname) . '</td>+                            <td>' . esc_html($account) . '</td>+                            <td>' . esc_html($frmtype) . '</td>+                            <td>' . esc_html($frmshrtcode) . '</td>+                            <td>' . $stdate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP) . '</td>+                            <td>' . ($nwenddt ?: '&ndash;') . '</td>+                            <td>' . esc_html($noofforms) . '</td>+                            <td data-sort="' . strtotime($frmmodifiddt) . '">' . $mddate->format(CFCNP_PLUGIN_CURRENTDATETIMEFORMATPHP) . '</td>+                            <td><a href="admin.php?page=cnp_formsdetails&cnpsts=' . esc_attr($frmsts) . '&cnpviewid=' . esc_attr($cnpform_id) . '">' . esc_html($frmsts) . '</a></td>+                            <td>+                                <a href="admin.php?page=cnp_formdetails&cnpviewid=' . esc_attr($cnpform_id) . '">+                                    <span class="dashicons dashicons-visibility"></span>+                                </a> |+                                <a href="admin.php?page=cnpforms_add&act=edit&cnpviewid=' . esc_attr($cnpform_id) . '">+                                    <span class="dashicons dashicons-edit"></span>+                                </a> |+                                <a href="admin.php?page=cnp_formsdetails&info=del&did=' . esc_attr($cnpform_id) . '">+                                    <span class="dashicons dashicons-trash"></span>+                                </a>+                            </td>+                        </tr>';+    }+} else {+    $cnpresltdsply .= '<tr><td colspan="9">No Record Found!</td></tr>';+}++$cnpresltdsply .= '</tbody></table></div></div>';+echo $cnpresltdsply;++} ?>\ No newline at end of file
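Review bot: The `info === "del"` branch and the `cnpsts` branch still perform state-changing database writes on a bare GET request with no nonce verification and no capability check visible in this hunk; `absint()` and `$wpdb->prepare()` close the injection, but the delete and status-update actions remain exposed to cross-site request forgery, which the CWE-352 finding below also records. The trash and status links should be built with `wp_nonce_url()` and each branch should call `check_admin_referer()` (and `current_user_can()`) before touching the database. Two smaller points: `$cnpviewid = absint($_GET['cnpviewid']);` reads the key without the `isset()` guard that the `$delid` line just above it uses, and `$gname`, `$account` and `$frmshrtcode` are passed through `esc_html()` at assignment and again at output (`'<td>' . esc_html($gname) . '</td>'`), which double-encodes entities in values containing `&`; escape once, at output.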
AI Analysis
Vulnerability Existed: yes  
TRUE POSITIVE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - cnpFormDetails.php [27]  
Old Code:  
```php
$delid=$_GET["did"];
$wpdb->query("delete from ".$cnp_table_name." where cnpform_ID =".$delid);
```  
Fixed Code:  
```php
$delid = isset($_GET["did"]) ? absint($_GET["did"]) : 0;
if ($delid > 0) {
    $wpdb->query($wpdb->prepare("DELETE FROM {$cnp_table_name} WHERE cnpform_ID = %d", $delid));
}
```  
Explanation:  
The old code directly concatenated user input (`$_GET["did"]`) into an SQL query without sanitization, allowing SQL injection. The fix uses `absint()` to ensure the value is a non-negative integer and `$wpdb->prepare()` with a placeholder (`%d`) to safely parameterize the query.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - cnpFormDetails.php [multiple lines]  
Old Code:  
```php
$gname = $cnpformData->cnpform_groupname;
$account = $cnpformData->cnpstngs_AccountNumber;
$frmshrtcode = $cnpformData->cnpform_shortcode;
$cnpresltdsply .= '<tr><td>'.$gname.'</td><td>'.$account.'</td><td >'.$frmtype.'</td><td>'.$frmshrtcode.'</td>...
```  
Fixed Code:  
```php
$gname = esc_html($cnpformData->cnpform_groupname);
$account = esc_html($cnpformData->cnpstngs_AccountNumber);
$frmshrtcode = esc_html($cnpformData->cnpform_shortcode);
$cnpresltdsply .= '<tr><td>' . esc_html($gname) . '</td><td>' . esc_html($account) . '</td><td>' . esc_html($frmtype) . '</td><td>' . esc_html($frmshrtcode) . '</td>...
```  
Explanation:  
The old code output database values directly into HTML without escaping, allowing stored XSS if malicious data had been inserted. The fix applies `esc_html()` to all user-controlled data before output, neutralizing HTML special characters.

---

Vulnerability Existed: yes  
TRUE POSITIVE
CWE-20: Improper Input Validation - cnpFormDetails.php [multiple lines]  
Old Code:  
```php
$info = $_REQUEST["info"];
if(isset($_GET['cnpsts']) && $_GET['cnpsts'] != "") {
    $cnpstsrtnval = CNPCF_updateCnPstatus($cnp_table_name,'cnpform_status','cnpform_ID',$_GET['cnpviewid'],$_GET['cnpsts']);
}
```  
Fixed Code:  
```php
if (isset($_REQUEST["info"])) {
    $info = sanitize_text_field($_REQUEST["info"]);
}
if (isset($_GET['cnpsts']) && $_GET['cnpsts'] != "") {
    $cnpsts = sanitize_text_field($_GET['cnpsts']);
    $cnpviewid = absint($_GET['cnpviewid']);
    if ($cnpviewid > 0 && !empty($cnpsts)) {
        $cnpstsrtnval = CNPCF_updateCnPstatus($cnp_table_name, 'cnpform_status', 'cnpform_ID', $cnpviewid, $cnpsts);
    }
}
```  
Explanation:  
The old code used unsanitized user input (`$_REQUEST`, `$_GET`) directly. The fix validates and sanitizes inputs: `sanitize_text_field()` for text parameters, `absint()` for IDs, and checks for positive values before use, preventing type confusion and injection attacks.

---

Vulnerability Existed: yes  
FALSE POSITIVE
CWE-352: Cross-Site Request Forgery (CSRF) - cnpFormDetails.php [multiple lines]  
Old Code:  
```php
<a href="admin.php?page=cnp_formsdetails&info=del&did='.$cnpform_id.'" ><span class="dashicons dashicons-trash"></span></a>
<a href="admin.php?page=cnp_formsdetails&cnpsts='.$frmsts.'&cnpviewid='.$cnpform_id.'"">'.$frmsts.'</a>
```  
Fixed Code:  
```php
<a href="admin.php?page=cnp_formsdetails&info=del&did=' . esc_attr($cnpform_id) . '">
<a href="admin.php?page=cnp_formsdetails&cnpsts=' . esc_attr($frmsts) . '&cnpviewid=' . esc_attr($cnpform_id) . '">
```  
Explanation:  
The old code lacks CSRF protection for state-changing actions (delete, status update). The fix adds output escaping (`esc_attr()`) but no nonce verification: the diff introduces no CSRF tokens, so that weakness persists despite the other improvements.
CVE Analysis Results:
CVE-2025-32550: Yes
View CVE Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Pledge Connect Plugin: from 2.24080000 through WP6.6.1.