Changeset 3287859

Timestamp:

05/05/2025 02:12:15 PM (10 months ago)

Author:

xpro

Message:

V 1.2.8.5 - 05 May 2025

Fix: Resolved shortcode vulnerability issue in theme builder.

Location:

xpro-theme-builder/trunk

Files:

• changelog.txt (modified) (1 diff)
• plugin.php (modified) (1 diff)
• readme.txt (modified) (2 diffs)
• xpro-theme-builder.php (modified) (1 diff)

xpro-theme-builder/trunk/changelog.txt

@@ +1 @@
+= V 1.2.8.5 - 05 May 2025 =
+
+Fix: Resolved shortcode vulnerability issue in theme builder.
+
+
 = V 1.2.8.4 - 25 February 2025 =
 

xpro-theme-builder/trunk/plugin.php

@@ -334 +334 @@
         }
 
-        // if post type private and user can not read the post
-            $post = get_post( $id );
-            if ( ! $post || $post->post_status === 'private' && ! current_user_can( 'read_post', $id ) ) {
-            wp_die( __( 'You are not allowed to access this post.', 'xpro-elementor-addons' ), 403 );
+        $post = get_post( $id );
+        if ( ! $post ) {
+            wp_die( __( 'Post not found.', 'xpro-elementor-addons' ), 404 );
+        }
+            if ( ! empty( $post->post_password ) && post_password_required( $post ) ) {
+            wp_die( __( 'This post is password protected.', 'xpro-elementor-addons' ), 403 );
+        }
+        if ( $post->post_status === 'trash' ) {
+            wp_die( __( 'You are not allowed to access this post (Trashed Post).', 'xpro-elementor-addons' ), 403 );
+        }
+        $post_status = $post->post_status;
+        $status_labels = [
+            'private' => 'Private Post',
+            'draft' => 'Draft Post',
+            'pending' => 'Pending Post',
+            'trash' => 'Trashed Post',
+        ];
+        if (
+            in_array( $post_status, array_keys( $status_labels ), true ) &&
+            ! current_user_can( 'read_post', $id )
+        ) {
+            $label = $status_labels[ $post_status ];
+            wp_die( sprintf( __( 'You are not allowed to access this post(%s).', 'xpro-elementor-addons' ), $label ), 403 );
         }
 

xpro-theme-builder/trunk/readme.txt

@@ -1 +1 @@
 === Xpro Theme Builder For Elementor - FREE ===
 Plugin Name: Xpro Theme Builder For Elementor - FREE
-Version: 1.2.8.4
+Version: 1.2.8.5
 Contributors: Xpro
 Tags: elementor, theme builder, header footer builder, sticky header, free theme builder
 Requires at least: 5.0
-Tested up to: 6.7.2
+Tested up to: 6.8.1
 Stable tag: trunk
 Requires PHP: 7.0
@@ -290 +290 @@
 == Changelog ==
 
+= V 1.2.8.5 - 05 May 2025 =
+
+Fix: Resolved shortcode vulnerability issue in theme builder.
+
+
 = V 1.2.8.4 - 25 February 2025 =
 

xpro-theme-builder/trunk/xpro-theme-builder.php

@@ -6 +6 @@
  * Author:      Xpro
  * Author URI:  https://www.wpxpro.com/
- * Version:     1.2.8.4
+ * Version:     1.2.8.5
  * Developer:   Xpro Team
  * Text Domain: xpro-theme-builder
- * Elementor tested up to: 3.27.6
+ * Elementor tested up to: 3.28.4
  *
  * @package xpro-theme-builder
  */
 
-define( 'XPRO_THEME_BUILDER_VER', '1.2.8.4' );
+define( 'XPRO_THEME_BUILDER_VER', '1.2.8.5' );
 define( 'XPRO_THEME_BUILDER_FILE', __FILE__ );
 define( 'XPRO_THEME_BUILDER_BASE', plugin_basename( __FILE__ ) );