Project: WordPress Plugin Site Search 360 0.6.93

Vulnerability: #9217753 (2018-08-28 03:44:09)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink PHP::echo
Risk _SERVER
/site-search-360/sitesearch360-create-account.php:84
64                    <tr>
65                      <td colspan="2" style="vertical-align:middle;text-align:right">
66                        <input id="connectButton" type="submit" name="Submit" class="button-primary" value="Connect Account" />
67                      </td>
68                    </tr>
69                  </table-->
70                </td>
71              </tr>
72            </tbody>
73          </table>
74  
75        </form>
76  
77      </div>
78  
79    <?php
80    } else if ($result['action'] == 'init') {?>
81  
82      <div class="wrap">
83        <h2>Site Search 360 Plugin Configuration</h2><br/>
84        <form name="ss360_settings" method="post" action="<?php echo esc_url( $_SERVER['REQUEST_URI'] ); ?>">
85          <?php wp_nonce_field(); ?>
86          <input type="hidden" name="action" value="ss360_register">
Threat level 0

Callstack:

@INLINE::/site-search-360/sitesearch360-create-account.php /site-search-360/sitesearch360-create-account.php:84