diff --git a/README.md b/README.md
index 1f3c675b..fdad7f1e 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@
- Tags: email, marketing, signup, newsletter, widget, smtp, woocommerce, contact form 7
- Requires at least: 4.4
- Tested up to: 6.1.1
-- Stable tag: 5.3.1
+- Stable tag: 5.3.2
- Requires PHP: 5.6
- License: GPLv2 or later
- License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -205,6 +205,9 @@ find vendor/ -type d -name ".git" -exec rm -rf {} \;
7. Configure abandoned cart notifications for WooCommerce
## Changelog
+##### 5.3.2
+* Fixed security issues according to plugin scanning. Sanitized some input args.
+
##### 5.3.1
* Fixed security issues according to plugin scanning. Added escaping for shown strings.
diff --git a/readme.txt b/readme.txt
index 1dc85f7e..49aef62d 100644
--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Contributors: Mailjet
Tags: email, marketing, signup, newsletter, widget, smtp, woocommerce, contact form 7
Requires at least: 4.4
Tested up to: 6.1.1
-Stable tag: 5.3.1
+Stable tag: 5.3.2
Requires PHP: 5.6
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -196,6 +196,9 @@ find vendor/ -type d -name ".git" -exec rm -rf {} \;
7. Configure abandoned cart notifications for WooCommerce
== Upgrade notice ==
+= 5.3.2 =
+* Fixed security issues according to plugin scanning. Sanitized some input args.
+
= 5.3.1 =
* Fixed security issues according to plugin scanning. Added escaping for shown strings.
diff --git a/src/includes/MailjetSettings.php b/src/includes/MailjetSettings.php
index 4f7573f7..23d9856e 100644
--- a/src/includes/MailjetSettings.php
+++ b/src/includes/MailjetSettings.php
@@ -308,7 +308,7 @@ public static function redirectJs($urlToRedirect)
?>';
';
+ echo esc_attr('');
exit;
}
public static function getCryptoHash()
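Review bot: `esc_attr()` on the added echo in `redirectJs` is an HTML-attribute escaper, which does not appear to match the context this function writes to. The string literal is empty in this view (its markup seems to have been stripped from the page), so this is inferred from the function name: if the argument is a script block embedding `$urlToRedirect`, `esc_attr()` would entity-encode the tags themselves and the redirect would be printed as text instead of running. Keep the markup literal and escape only the value, for example `esc_url_raw()` to validate the URL and then `wp_json_encode()` to produce the JS string, or use `wp_safe_redirect()` where headers have not yet been sent. The function body begins above the hunk, so the full echo should be checked there.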
diff --git a/src/includes/SettingsPages/SubscriptionOptionsSettings.php b/src/includes/SettingsPages/SubscriptionOptionsSettings.php
index c1bd51a8..88355e07 100644
--- a/src/includes/SettingsPages/SubscriptionOptionsSettings.php
+++ b/src/includes/SettingsPages/SubscriptionOptionsSettings.php
@@ -352,7 +352,7 @@ public function mailjet_subscribe_confirmation_from_widget($subscription_email,
$test = sprintf(Mailjeti18n::getTranslationsFromFile($locale, 'To receive newsletters from %s please confirm your subscription by clicking the following button:'), $wpUrl);
$email_main_text = !empty($instance[$locale]['email_content_main_text']) ? apply_filters('widget_email_content_main_text', \sprintf($instance[$locale]['email_content_main_text'], get_option('blogname'))) : $test;
$email_content_after_button = !empty($instance[$locale]['email_content_after_button']) ? $instance[$locale]['email_content_after_button'] : Mailjeti18n::getTranslationsFromFile($locale, 'If you received this email by mistake or don\'t wish to subscribe anymore, simply ignore this message.');
- $properties = isset($_POST['properties']) ? $_POST['properties'] : array();
+ $properties = array_map('sanitize_text_field', $_POST['properties'] ?? []);
$preparedProperties = [];
if (!empty($properties)) {
foreach ($properties as $key => $val) {
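Review bot: The added `$properties` line uses `??`, which is a parse error on PHP 5.6, the minimum version the readme in this same commit still declares (`Requires PHP: 5.6`). It also passes `$_POST['properties']` to `array_map()` without checking that it is an array, so a scalar `properties` field raises a TypeError on PHP 8 instead of being rejected, and the values are not unslashed before sanitizing. Suggested: `$rawProperties = (isset($_POST['properties']) && is_array($_POST['properties'])) ? wp_unslash($_POST['properties']) : array();` followed by `$properties = array_map('sanitize_text_field', $rawProperties);`. The `$key` values read by the `foreach` that follows are still unsanitized; that loop continues outside the hunk, so how the keys are used needs checking there.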
diff --git a/src/includes/SettingsPages/UserAccessSettings.php b/src/includes/SettingsPages/UserAccessSettings.php
index b100629f..14804ae2 100644
--- a/src/includes/SettingsPages/UserAccessSettings.php
+++ b/src/includes/SettingsPages/UserAccessSettings.php
@@ -49,12 +49,12 @@ public function mailjet_user_access_cb($args)
$hasAccess = isset($role['capabilities'][self::ACCESS_CAP_NAME]) && $role['capabilities'][self::ACCESS_CAP_NAME];
?>