Project: WordPress Plugin Photo Video Store 18.05

Vulnerability: #8928918 (2018-07-26 19:06:03)

Warning

There are many false positives and unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink: PHP::echo
Risk: _GET
File: /photo-video-store/includes/payments/paypal/settings.php:30
10  if ( @$_REQUEST["action"] == 'change' and wp_verify_nonce( @$_REQUEST['_wpnonce'], 'pvs-paypal' ) )
11  {
12  	pvs_update_setting('paypal_account', pvs_result( $_POST["account"] ));
13  	pvs_update_setting('paypal_active', (int) @ $_POST["active"] );
14  	pvs_update_setting('paypal_ipn', (int) @ $_POST["ipn"] );
15  	
16  	//Update settings
17  	pvs_get_settings();
18  }
19  ?>
20  
21  <p>Please login on <a href="http://www.paypal.com/">www.paypal.com</a> as merchant</p>
22  <p>Enable <b>"Instant Payment Notification"</p>
23  
24  
25  <p>Set <b>Notify URL:</b><br> <?php echo (site_url( ) );?>/payment-notification/?payment=paypal</p>
26  
27  
28  
29  <form method="post">
30  <input type="hidden" name="d" value="<?php echo($_GET["d"]);?>">
31  <input type="hidden" name="action" value="change">
32  <?php wp_nonce_field( 'pvs-paypal' ); ?>
Threat level: 2

Callstack:

@INLINE::/photo-video-store/includes/payments/paypal/settings.php /photo-video-store/includes/payments/paypal/settings.php:30