Project: Wordpress Plugin Photo Video Store 18.05

Vulnerability: #8928940 (2018-07-26 19:06:53)

Warning

Many of the findings are false positives or unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink PHP::echo
Risk _GET
/photo-video-store/includes/payments/cheque/settings.php:24 (show/hide source)
4  {
5  	exit;
6  }
7  //Check access: called with the "settings_payments" key before any request data is handled. NOTE(review): presumably stops users who lack that permission - confirm in pvs_admin_panel_access().
8  pvs_admin_panel_access( "settings_payments" );
9  
10  if ( @$_REQUEST["action"] == 'change' and wp_verify_nonce( @$_REQUEST['_wpnonce'], 'pvs-cheque' ) ) // settings are written only when action is 'change' and the 'pvs-cheque' nonce verifies; @ suppresses the PHP diagnostic for an absent key
11  {
12  	pvs_update_setting('cheque_account', pvs_result( $_POST["account"] )); // NOTE(review): pvs_result() is not shown here; presumably it sanitizes the value - confirm
13  	pvs_update_setting('cheque_account2', pvs_result( $_POST["account2"] )); // read without @, so an absent key raises a PHP notice/warning
14  	pvs_update_setting('cheque_active', (int) @ $_POST["active"] ); // cast to int before storing
15  	
16  	//Update settings. NOTE(review): presumably reloads the stored values after the writes above - confirm in pvs_get_settings().
17  	pvs_get_settings();
18  }
19  ?>
20  
21  
22  
23  <form method="post">
24 <input type="hidden" name="d" value="<?php echo($_GET["d"]); /* NOTE(review): the "d" query parameter is echoed into the value attribute without escaping (the reported sink); esc_attr() is WordPress's escaper for attribute context. This line is reached only after the pvs_admin_panel_access() call on line 8. */?>">
25 <input type="hidden" name="action" value="change"> 26 <?php wp_nonce_field( 'pvs-cheque' ); /* uses the same 'pvs-cheque' action string that wp_verify_nonce() is given on line 10 */ ?>
Threat level 2

Callstack:

@INLINE::/photo-video-store/includes/payments/cheque/settings.php /photo-video-store/includes/payments/cheque/settings.php:24 (show/hide source)
4  {
5  	exit;
6  }
7  //Check access: called with the "settings_payments" key before any request data is handled. NOTE(review): presumably stops users who lack that permission - confirm in pvs_admin_panel_access().
8  pvs_admin_panel_access( "settings_payments" );
9  
10  if ( @$_REQUEST["action"] == 'change' and wp_verify_nonce( @$_REQUEST['_wpnonce'], 'pvs-cheque' ) ) // settings are written only when action is 'change' and the 'pvs-cheque' nonce verifies; @ suppresses the PHP diagnostic for an absent key
11  {
12  	pvs_update_setting('cheque_account', pvs_result( $_POST["account"] )); // NOTE(review): pvs_result() is not shown here; presumably it sanitizes the value - confirm
13  	pvs_update_setting('cheque_account2', pvs_result( $_POST["account2"] )); // read without @, so an absent key raises a PHP notice/warning
14  	pvs_update_setting('cheque_active', (int) @ $_POST["active"] ); // cast to int before storing
15  	
16  	//Update settings. NOTE(review): presumably reloads the stored values after the writes above - confirm in pvs_get_settings().
17  	pvs_get_settings();
18  }
19  ?>
20  
21  
22  
23  <form method="post">
24 <input type="hidden" name="d" value="<?php echo($_GET["d"]); /* NOTE(review): the "d" query parameter is echoed into the value attribute without escaping (the reported sink); esc_attr() is WordPress's escaper for attribute context. This line is reached only after the pvs_admin_panel_access() call on line 8. */?>">
25 <input type="hidden" name="action" value="change"> 26 <?php wp_nonce_field( 'pvs-cheque' ); /* uses the same 'pvs-cheque' action string that wp_verify_nonce() is given on line 10 */ ?>