Project: Wordpress Plugin Realtyna Provisioning 1.0.0

Vulnerability: #9165764 (2018-08-19 15:19:19)

Warning

There are many false positives or unexploitable findings. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink PHP::echo
Risk _GET
/realtyna-provisioning/app/html/menus/dashboard/steps/install.php:5
1  <?php
2  // no direct access
3  defined('ABSPATH') or die();
4  
5  $package_id = isset($_GET['install']) ? sanitize_text_field($_GET['install']) : 0;
6  $nonce = isset($_GET['_wpnonce']) ? sanitize_text_field($_GET['_wpnonce']) : NULL;
7  
Threat level 2

Callstack:

@INLINE::/realtyna-provisioning/app/html/menus/dashboard/steps/install.php /realtyna-provisioning/app/html/menus/dashboard/steps/install.php:43
23          <?php elseif(!count($package)): ?>
24          <div class="rtprov-mt-4 rtprov-mb-4 rtprov-alert-danger"><?php _e('No package found with the given ID!', 'realtyna-provisioning'); ?></div>
25          <?php else: ?>
26          <div class="rtprov-install">
27              <div class="rtprov-row">
28                  <div class="rtprov-col-12">
29                      <a class="rtprov-bold" href="<?php echo $this->get_admin_url('realtyna-provisioning', array()); ?>"><?php _e('Back to Packages', 'realtyna-provisioning'); ?></a>
30                  </div>
31              </div>
32              <div class="rtprov-package-info rtprov-row">
33                  <div class="rtprov-col-10">
34                      <h3><?php echo $package['name']; ?></h3>
35                      <p><?php echo nl2br($package['description']); ?></p>
36                  </div>
37                  <div class="rtprov-col-2">
38                      <h3 class="rtprov-type"><?php echo $package['type']['name']; ?></h3>
39                  </div>
40              </div>
41              <div class="rtprov-installation-form rtprov-mt-4 rtprov-text-right">
42                  <form id="rtprov_install_form">
43                      <input type="hidden" name="id" value="<?php echo $package_id; ?>">
44                      <?php wp_nonce_field('rtprov-install-do-'.$package_id); ?>
45                      <button id="rtprov_install_button" type="submit" class="button-primary"><?php _e('Install', 'realtyna-provisioning'); ?></button>