Project: WordPress Plugin Photo Video Store 18.05

Vulnerability: #8928913 (2018-07-26 19:05:17)

Warning

This scan produces many false positives and findings that turn out not to be exploitable. Please confirm a finding with a working "PoC" before reporting anything to the vendor!

Details:

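Sink: PHP::echo
Risk: _GET
The request parameter `$_GET['error_description']` is concatenated into the `echo` on line 141 with no output encoding, which is the pattern for reflected cross-site scripting. Escaping at the point of output (in WordPress, `esc_html()`) would address it. Line 139 only checks that `$_GET['error']` is set, while line 141 prints a different key, so `error_description` may also be undefined there. Whether the finding is reachable depends on how this template is invoked, which the excerpt does not show.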
/photo-video-store/templates/check_instagram.php:141
121  				}
122  
123  				//Authorization
124  				pvs_user_authorization( pvs_user_login_to_id($temp_login) );
125  
126  				if ( isset( $_SESSION["redirect_url"] ) and $_SESSION["redirect_url"] ==
127  					"checkout" )
128  				{
129  					header( "location:" . site_url() . "/checkout/" );
130  					exit();
131  				} else
132  				{
133  					header( "location:" . site_url() . "/profile/" );
134  					exit();
135  				}
136  			}
137  		} else {
138  			// Check whether an error occurred
139  			if ( true === isset( $_GET['error'] ) )
140  			{
141 echo 'An error occurred: ' . $_GET['error_description'];
142 } 143 }
Threat level 2

Callstack:

@INLINE::/photo-video-store/templates/check_instagram.php /photo-video-store/templates/check_instagram.php:141
121  				}
122  
123  				//Authorization
124  				pvs_user_authorization( pvs_user_login_to_id($temp_login) );
125  
126  				if ( isset( $_SESSION["redirect_url"] ) and $_SESSION["redirect_url"] ==
127  					"checkout" )
128  				{
129  					header( "location:" . site_url() . "/checkout/" );
130  					exit();
131  				} else
132  				{
133  					header( "location:" . site_url() . "/profile/" );
134  					exit();
135  				}
136  			}
137  		} else {
138  			// Check whether an error occurred
139  			if ( true === isset( $_GET['error'] ) )
140  			{
141 echo 'An error occurred: ' . $_GET['error_description'];
142 } 143 }