Project: Wordpress Plugin Realtyna Provisioning 1.0.0

Vulnerability: #9165763 (2018-08-19 15:19:19)

Warning

There are many false positives or unexploitable findings. Please create a working PoC exploit before reporting anything to the vendor!

Details:

Sink PHP::echo
Risk _GET
/realtyna-provisioning/app/html/menus/dashboard/steps/search.php:6
1  <?php
2  // no direct access
3  defined('ABSPATH') or die();
4  
5  // Search Term
6  $term = isset($_GET['s']) ? sanitize_text_field($_GET['s']) : NULL;
7  
8  // Package Types
Threat level 2

Callstack:

@INLINE::/realtyna-provisioning/app/html/menus/dashboard/steps/search.php /realtyna-provisioning/app/html/menus/dashboard/steps/search.php:33
13  if($type) $query['types'] = array($type);
14  
15  $API = new RTPROV_Api();
16  $response = $API->packages($query);
17  $packages = isset($response['data']) ? $response['data'] : array();
18  
19  $response = $API->types();
20  $types = isset($response['data']) ? $response['data'] : array();
21  ?>
22  <div class="wrap about-wrap rtprov-wrap">
23      <h1><?php _e('Realtyna Provisioning', 'realtyna-provisioning'); ?></h1>
24      <div class="about-text">
25          <?php _e('You can search in repository and install the packages that you like.', 'realtyna-provisioning'); ?>
26      </div>
27      <div class="rtprov-content">
28  
29          <form class="rtprov-search" method="GET" action="<?php echo admin_url('admin.php'); ?>">
30              <div class="rtprov-row">
31                  <div class="rtprov-col-11">
32                      <input type="hidden" name="page" value="realtyna-provisioning">
33                      <input type="search" name="s" value="<?php echo $term; ?>" placeholder="<?php esc_attr_e('Keyword ...', 'realtyna-provisioning'); ?>">
34                      <select name="type" title="<?php esc_attr_e('Category', 'realtyna-provisioning'); ?>">
35                          <option value="">-----</option>