WordPress.org
Get WordPress

Plugin Directory

Changeset 3453769


Ignore:
Timestamp:
02/04/2026 12:00:40 PM (5 weeks ago)
Author:
xpro
Message:

V 1.4.23 – 04 Feb 2026

Fix: Added sanitization and escaping to secure REST API and prevent XSS.

Location:
xpro-elementor-addons/trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • xpro-elementor-addons/trunk/changelog.txt

    r3451993 r3453769  
     1= V 1.4.23 – 04 Feb 2026
     2
     3- Fix: Added sanitization and escaping to secure REST API and prevent XSS.
     4
     5
    16= V 1.4.22 – 02 Feb 2026
    27

  • xpro-elementor-addons/trunk/inc/dynamic-content/custom-post-item-api.php

    r2904355 r3453769  
    1414
    1515    public function get_content_editor() {
    16         $content_key  = $this->request['key'];
    17         $content_type = $this->request['type'];
     16
     17        if ( ! is_user_logged_in() || ! current_user_can( 'edit_posts' ) ) {
     18            wp_die( __( 'Unauthorized request.', 'xpro-elementor-addons' ), 403 );
     19        }
     20
     21        $content_key  = sanitize_text_field( $this->request['key'] );
     22        $content_type = sanitize_text_field( $this->request['type'] );
     23
    1824
    1925        $builder_post_title = 'dynamic-content-' . $content_type . '-' . $content_key;
     
    5056
    5157        $url = get_admin_url() . '/post.php?post=' . $builder_post_id . '&action=elementor';
    52         wp_safe_redirect( $url );
     58            wp_safe_redirect( $url );
     59            To: $url = admin_url(
     60                'post.php?post=' . absint( $builder_post_id ) . '&action=elementor'
     61            );
     62            wp_safe_redirect( $url );
    5363        exit;
     64       
    5465    }
    5566}

  • xpro-elementor-addons/trunk/readme.txt

    r3451993 r3453769  
    11=== Xpro Addons — 140+ Widgets for Elementor ===
    22Plugin Name: Xpro Addons For Elementor (140+ Widgets & Free Theme Builder)
    3 Version: 1.4.22
     3Version: 1.4.23
    44Contributors: Xpro
    55Tags: elementor, widgets for elementor, elementor widgets, addons for elementor, woocommerce elementor
    66Requires at least: 6.0
    7 Tested up to: 6.9
    8 Stable tag: 1.4.22
     7Tested up to: 6.9.1
     8Stable tag: 1.4.23
    99Requires PHP: 7.4
    1010License: GPLv2
     
    266266== Changelog ==
    267267
    268 = V 1.4.22 – 28 Jan 2026
     268= V 1.4.23 – 04 Feb 2026
     269
     270- Fix: Added sanitization and escaping to secure REST API and prevent XSS.
     271
     272
     273= V 1.4.22 – 02 Feb 2026
    269274
    270275- Fix: Resolved all general plugin-related errors.

  • xpro-elementor-addons/trunk/xpro-elementor-addons.php

    r3451993 r3453769  
    44 * Description: A complete Elementor Addons Pack to enhance your web designing experience. Create amazing websites with 50+ FREE Widgets, Extensions & more.
    55 * Plugin URI:  https://elementor.wpxpro.com/
    6  * Version:     1.4.22
     6 * Version:     1.4.23
    77 * Author:      Xpro
    88 * Author URI:  https://www.wpxpro.com/
     
    1010 * Text Domain: xpro-elementor-addons
    1111 * Domain Path: /language
    12  * Elementor tested up to: 3.34.2
     12 * Elementor tested up to: 3.35.0
    1313 * License: GPLv2
    1414 * License URI: https://www.gnu.org/licenses/gpl-2.0.html
     
    1717defined( 'ABSPATH' ) || die();
    1818
    19 define( 'XPRO_ELEMENTOR_ADDONS_VERSION', '1.4.22' );
     19define( 'XPRO_ELEMENTOR_ADDONS_VERSION', '1.4.23' );
    2020define( 'XPRO_ELEMENTOR_ADDONS__FILE__', __FILE__ );
    2121define( 'XPRO_ELEMENTOR_ADDONS_BASE', plugin_basename( __FILE__ ) );
     
    6969     * @var string The plugin version.
    7070     */
    71     const VERSION = '1.4.22';
     71    const VERSION = '1.4.23';
    7272
    7373    /**
Note: See TracChangeset for help on using the changeset viewer.