Category Grid View Gallery
CVE-2013-4117 (10 posts)

  1. henrisalo
    Posted 2 years ago #

    Version 2.3.3 of this plugin is still affected by an XSS security vulnerability. Please see http://www.openwall.com/lists/oss-security/2013/07/11/1

    The last post got closed for no good reason, so I am reopening this one so that users are aware of this security vulnerability.



  2. Kremental
    Posted 2 years ago #

    I've emailed the plugin author with an offer to take over this plugin and apply the security updates.

    I have forked this plugin, and simplified the user experience (but removed a few features) with this plugin: http://wordpress.org/plugins/visual-recipe-index/

    The required security updates have been applied to the visual recipe index plugin.

    Just posting this here as well in case the author doesn't get my email. I've read elsewhere that he's been unresponsive.

    If I don't get a response I may simply fork the code, apply the updates, and release this plugin under a different name.

  3. licomic
    Posted 2 years ago #

    Please keep us updated. Thank you.

  4. Anshul
    Plugin Author

    Posted 2 years ago #

    Hello Kremental,

    I am the original author of this plugin. Unfortunately I did not have time to work on the further development of the plugin. Let me know how you want to collaborate.

  5. Kremental
    Posted 2 years ago #

    Can you contact me: simon (at) kremental dot com?

    I tried emailing you at the email address in the plugin but haven't received a reply. I'm not sure if that email address is still working.

  6. phattrance
    Posted 2 years ago #

    About time this plugin gets an update! I've been using this on all my high-traffic blogs and it works great!

    The only problem I have with this plugin is that it's not SEO friendly. All the thumbnails created by this plugin get the .php extension instead of .jpg etc. (Screenshot: http://i.imgur.com/oSjRkTU.jpg )

    If you check the source code, it looks like this:

    <div class="cgview dark"><ul id="cg-ul">
    <li id="cg-1897" style="width:125px;height:125px;"><a href="http://gifsec.com/funny/gif-love/"><img src="http://gifsec.com/wp-content/plugins/category-grid-view-gallery/includes/timthumb.php?src=http%3A%2F%2Fgifsec.com%2Fwp-content%2Fuploads%2F2014%2F02%2FLove-GIF-1.gif&h=125&w=125&zc=1&q=75" alt="GIF: Love" title="GIF: Love"/></a><div class="cgback cgnojs always"></div><div class="cgtitle cgnojs always"><p style="font-size:10px;line-height:12px;"><a href="http://gifsec.com/funny/gif-love/">GIF: Love</a></p></div></li>
    <li id="cg-9685" style="width:125px;height:125px;"><a href="http://gifsec.com/funny/gif-wave-from-under-water/"><img src="http://gifsec.com/wp-content/plugins/category-grid-view-gallery/includes/timthumb.php?src=http%3A%2F%2Fgifsec.com%2Fwp-content%2Fuploads%2FGIF%2F2014%2F03%2FGIF-Wave-from-under-water.gif&h=125&w=125&zc=1&q=75" alt="GIF: Wave from under water" title="GIF: Wave from under water"/></a><div class="cgback cgnojs always"></div><div class="cgtitle cgnojs always"><p style="font-size:10px;line-height:12px;"><a href="http://gifsec.com/funny/gif-wave-from-under-water/">GIF: Wave from under water</a></p></div></li>
    <li id="cg-4075" style="width:125px;height:125px;"><a href="http://gifsec.com/funny/gif-run-bitch/"><img src="http://gifsec.com/wp-content/plugins/category-grid-view-gallery/includes/timthumb.php?src=http%3A%2F%2Fgifsec.com%2Fwp-content%2Fuploads%2F2014%2F02%2FRun-Bitch-GIFS-1.gif&h=125&w=125&zc=1&q=75" alt="GIF: Run Bitch" title="GIF: Run Bitch"/></a><div class="cgback cgnojs always"></div><div class="cgtitle cgnojs always"><p style="font-size:10px;line-height:12px;"><a href="http://gifsec.com/funny/gif-run-bitch/">GIF: Run Bitch</a></p></div></li>
    <li id="cg-3135" style="width:125px;height:125px;"><a href="http://gifsec.com/funny/gif-babes/"><img src="http://gifsec.com/wp-content/plugins/category-grid-view-gallery/includes/timthumb.php?src=http%3A%2F%2Fgifsec.com%2Fwp-content%2Fuploads%2F2014%2F02%2FBabes-GIF.gif&h=125&w=125&zc=1&q=75" alt="GIF: Babes" title="GIF: Babes"/></a><div class="cgback cgnojs always"></div><div class="cgtitle cgnojs always"><p style="font-size:10px;line-height:12px;"><a href="http://gifsec.com/funny/gif-babes/">GIF: Babes</a></p></div></li>
    <li id="cg-7041" style="width:125px;height:125px;"><a href="http://gifsec.com/funny/relatable-gifs-3/"><img src="http://gifsec.com/wp-content/plugins/category-grid-view-gallery/includes/timthumb.php?src=http%3A%2F%2Fgifsec.com%2Fwp-content%2Fuploads%2FGIF%2F2014%2F03%2FRelatable-GIFS_2.gif&h=125&w=125&zc=1&q=75" alt="GIF: The password" title="GIF: The password"/></a><div class="cgback cgnojs always"></div><div class="cgtitle cgnojs always"><p style="font-size:10px;line-height:12px;"><a href="http://gifsec.com/funny/relatable-gifs-3/">GIF: The password</a></p></div></li>
    <li id="cg-13483" style="width:125px;height:125px;"><a href="http://gifsec.com/funny/gif-accidentally-hit-the-pet/"><img src="http://gifsec.com/wp-content/plugins/category-grid-view-gallery/includes/timthumb.php?src=http%3A%2F%2Fgifsec.com%2Fwp-content%2Fuploads%2FGIF%2F2014%2F04%2FGIF-Accidentally-hit-the-pet.gif&h=125&w=125&zc=1&q=75" alt="GIF: Accidentally hit the pet" title="GIF: Accidentally hit the pet"/></a><div class="cgback cgnojs always"></div><div class="cgtitle cgnojs always"><p style="font-size:10px;line-height:12px;"><a href="http://gifsec.com/funny/gif-accidentally-hit-the-pet/">GIF: Accidentally hit the pet</a></p></div></li>
    <li id="cg-9499" style="width:125px;height:125px;"><a href="http://gifsec.com/funny/gif-firehammer-vs-watermelon/"><img src="http://gifsec.com/wp-content/plugins/category-grid-view-gallery/includes/timthumb.php?src=http%3A%2F%2Fgifsec.com%2Fwp-content%2Fuploads%2FGIF%2F2014%2F03%2FGIF-Firehammer-vs.-Watermelon.gif&h=125&w=125&zc=1&q=75" alt="GIF: Firehammer vs. Watermelon" title="GIF: Firehammer vs. Watermelon"/></a><div class="cgback cgnojs always"></div><div class="cgtitle cgnojs always"><p style="font-size:10px;line-height:12px;"><a href="http://gifsec.com/funny/gif-firehammer-vs-watermelon/">GIF: Firehammer vs. Watermelon</a></p></div></li>
    <li id="cg-896" style="width:125px;height:125px;"><a href="http://gifsec.com/funny/funny-gif-pictures-gifs/"><img src="http://gifsec.com/wp-content/plugins/category-grid-view-gallery/includes/timthumb.php?src=http%3A%2F%2Fgifsec.com%2Fwp-content%2Fuploads%2FGIF%2F2014%2F02%2F-Funny-GIF-Pictures-GIFS.gif&h=125&w=125&zc=1&q=75" alt="GIF: Pictures" title="GIF: Pictures"/></a><div class="cgback cgnojs always"></div><div class="cgtitle cgnojs always"><p style="font-size:10px;line-height:12px;"><a href="http://gifsec.com/funny/funny-gif-pictures-gifs/">GIF: Pictures</a></p></div></li>

    and all the thumbnails get the wrong alt tags etc. Please fix this problem if you can!

    Thank you

  7. Kremental
    Posted 2 years ago #

    Anshul - I haven't received an email from you. If you sent it and don't hear back from me quickly please post here where I can get a hold of you.

    Phattrance - I believe I would have to remove the dependency on timthumb in order to fix your problem. I believe that would be no small task, but is one that I am actually thinking about.

  8. phattrance
    Posted 2 years ago #

    Kremental: yeah, I really love this plugin, but as I wrote before it's an SEO disaster, and Google seems to be confused when reading the code since all the ALT tags and file extensions such as .jpg etc. are turned into .php instead and not included in the image search etc.

  9. phattrance
    Posted 2 years ago #

    And one more thing too!

    I'm trying to get the standard WordPress pagination to work with this plugin, without any results. The code I'm using is:

    <?php if (have_posts()) : while (have_posts()) : the_post(); ?>
    	<?php $feature_img = portfolio_get_post_image( $post->ID, 'Thumbnail', '', '' ); ?>
    	<?php endwhile; //end of one post?>
    	<?php endif; //do not delete ?>
    	<?php
    	// This block was outside the PHP tags and was printed as literal text; it must be inside <?php ... ?>
    	global $paged;
    	if($paged <= 0)
    		$paged = 1;
    	$offset = ($paged-1) * 16;
    	$posts = wp_count_posts()->publish;
    	$pagination = ceil($posts/16);
    	echo do_shortcode('[cgview id=1 size=140x140 num=16 showtitle=always lightbox=0]'); ?>
     <div style="text-align:right;"><?php if ( function_exists( 'page_navi' ) ) page_navi( 'items=10&prev_label= << Previous &next_label=Next >> &first_label=First&last_label=Last&show_num=1&num_position=after' ); ?></div>

    Any idea why I cannot use the standard pagination with this plugin, so that when I click on page 2 the URL will be doman.com/page2/ ?

    When I click on the page 2 link now, it shows the same thumbnails as page 1, but with this URL: doman.com/page2/

    Screenshot: http://i.imgur.com/KaTHhfa.jpg

  10. phattrance
    Posted 2 years ago #

    The pagination has been solved now.

    If the plugin author or Kremental reads this, I can pay you $100 (PayPal only) if you can make the plugin more SEO friendly. I can send details of what I mean by that if you are interested!

    Let me know!

Topic Closed

This topic has been closed to new replies.
