WordPress.org
Get WordPress

Plugin Directory

Changeset 3445051


Ignore:
Timestamp:
01/22/2026 05:27:43 PM (2 months ago)
Author:
zionbuilder
Message:

Release v3.6.17

Location:
zionbuilder/trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • zionbuilder/trunk/includes/Elements/Element.php

    r3443423 r3445051  
    865865        }
    866866
    867         $wrapper_tag = $this->get_wrapper_tag($this->options);
     867        // Make sure the wrapper tag is actually a tag and not exploitable with xss attacks
     868        $wrapper_tag = wp_kses_post($this->get_wrapper_tag($this->options));
     869        $wrapper_tag = preg_replace('/[^a-zA-Z0-9]/', '', $wrapper_tag);
    868870
    869871        if ($this->render_attributes->has_attribute('wrapper', 'id')) {
     
    879881        // Render element
    880882        // The attributes are already escaped in RenderAttributes::get_attributes_as_string()
    881         printf('<%s id="%s" %s>', esc_html($wrapper_tag), esc_attr($wrapper_id), $attributes); // phpcs:ignore WordPress.Security.EscapeOutput
     883        printf('<%s id="%s" %s>', $wrapper_tag, esc_attr($wrapper_id), $attributes); // phpcs:ignore WordPress.Security.EscapeOutput
    882884
    883885        // Render video background
     
    887889        // Render element
    888890        $this->render($this->options);
    889         printf('</%s>', esc_html($wrapper_tag));
     891        printf('</%s>', $wrapper_tag);
    890892
    891893        $this->after_render($this->options);

  • zionbuilder/trunk/readme.txt

    r3443423 r3445051  
    44Requires at least: 6.0.0
    55Tested up to: 6.9
    6 Stable tag: 3.6.16
     6Stable tag: 3.6.17
    77Requires PHP: 7.0.0
    88License: GPLv3 or later
     
    181181
    182182== Changelog ==
     183= 3.6.17 =
     184Fixed: https://www.cve.org/CVERecord?id=CVE-2024-54213
     185
    183186= 3.6.16 =
    184187Improved: Code changes required by WordPress coding standards and plugin requirements

  • zionbuilder/trunk/zionbuilder.php

    r3443423 r3445051  
    44Plugin URI: https://zionbuilder.io/?utm_campaign=plugin-uri&utm_medium=wp-dashboard-plugins
    55Description: The page builder you always wanted. Create any design you want using live editor.
    6 Version: 3.6.16
     6Version: 3.6.17
    77Author: zionbuilder.io
    88Author URI: https://zionbuilder.io/?utm_campaign=plugin-uri&utm_medium=wp-dashboard-plugins
Note: See TracChangeset for help on using the changeset viewer.