Project: Wordpress Plugin 3.0.34

Vulnerability: #20 (2017-04-19 10:41:26)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create working "PoC" exploit before reporting anything to vendor!

Details:

Sink Standard::setcookie
Risk _COOKIE
/ninja-forms/includes/Libraries/Session/class-wp-session.php:83 (show/hide source)
63       * @return bool|WP_Session
64       */
65      public static function get_instance() {
66          if ( ! self::$instance ) {
67              self::$instance = new self();
68          }
69  
70          return self::$instance;
71      }
72  
73      /**
74       * Default constructor.
75       * Will rebuild the session collection from the given session ID if it exists. Otherwise, will
76       * create a new session with that ID.
77       *
78       * @param $session_id
79       * @uses apply_filters Calls `wp_session_expiration` to determine how long until sessions expire.
80       */
81      protected function __construct() {
82          if ( isset( $_COOKIE[WP_SESSION_COOKIE] ) ) {
83 $cookie = stripslashes( $_COOKIE[WP_SESSION_COOKIE] );
84 $cookie_crumbs = explode( '||', $cookie ); 85
Threat level 1

Callstack:

WP_Session::set_cookie /ninja-forms/deprecated/includes/libraries/class-wp-session.php:147 (show/hide source)
127  	 * By default, the expiration variant is set to 24 minutes.
128  	 *
129  	 * As a result, the session expiration time - at a maximum - will only be written to the database once
130  	 * every 24 minutes.  After 30 minutes, the session will have been expired. No cookie will be sent by
131  	 * the browser, and the old session will be queued for deletion by the garbage collector.
132  	 *
133  	 * @uses apply_filters Calls `wp_session_expiration_variant` to get the max update window for session data.
134  	 * @uses apply_filters Calls `wp_session_expiration` to get the standard expiration time for sessions.
135  	 */
136  	protected function set_expiration() {
137  		$this->exp_variant = time() + (int) apply_filters( 'wp_session_expiration_variant', 24 * 60 );
138  		$this->expires = time() + (int) apply_filters( 'wp_session_expiration', 30 * 60 );
139  	}
140  
141  	/**
142  	 * Set the session cookie
143  	 *
144  	 * IMPORTANT: Made public
145  	 */
146  	public function set_cookie() {
147 @setcookie( WP_SESSION_COOKIE, $this->session_id . '||' . $this->expires . '||' . $this->exp_variant , $this->expires, COOKIEPATH, COOKIE_DOMAIN );
148 } 149