Project: Wordpress Plugin Site Search 360 0.6.93

Vulnerability: #9217755 (2018-08-28 03:44:09)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink PHP::echo
Risk _SERVER
/site-search-360/sitesearch360-controls.php:25
5  $password = get_option('ss360_password');
6  $apiKey = get_option('ss360_api_token');
7  ?>
8  
9  <div class="wrap">
10      <h2>Configure your Site Search</h2><br/>
11  
12      <?php
13      /* Check for a=te url params --> config was saved */
14      $parts = parse_url($_SERVER['REQUEST_URI']);
15      parse_str($parts['query'], $query);
16      if (isset($query['a']) && stripslashes($query['a']) == 'te') { ?>
17          <div id="message" class="updated notice is-dismissible"><p>Client configuration has been successfully
18                  updated.</p>
19              <button type="button" class="notice-dismiss"><span class="screen-reader-text">Dismiss this message.</span>
20              </button>
21          </div>
22      <?php } ?>
23  
24      <?php
25      $requestUri = esc_url($_SERVER['REQUEST_URI']);
26      $saveParams = strpos($requestUri, 'a=te') !== false ? '' : (strpos($requestUri, "?") === false ? '?a=te' : '&a=te');
27      $requestUri = $requestUri . $saveParams;
Threat level 0

Callstack:

@INLINE::/site-search-360/sitesearch360-controls.php /site-search-360/sitesearch360-controls.php:29
9  <div class="wrap">
10      <h2>Configure your Site Search</h2><br/>
11  
12      <?php
13      /* Check for a=te url params --> config was saved */
14      $parts = parse_url($_SERVER['REQUEST_URI']);
15      parse_str($parts['query'], $query);
16      if (isset($query['a']) && stripslashes($query['a']) == 'te') { ?>
17          <div id="message" class="updated notice is-dismissible"><p>Client configuration has been successfully
18                  updated.</p>
19              <button type="button" class="notice-dismiss"><span class="screen-reader-text">Dismiss this message.</span>
20              </button>
21          </div>
22      <?php } ?>
23  
24      <?php
25      $requestUri = esc_url($_SERVER['REQUEST_URI']);
26      $saveParams = strpos($requestUri, 'a=te') !== false ? '' : (strpos($requestUri, "?") === false ? '?a=te' : '&a=te');
27      $requestUri = $requestUri . $saveParams;
28      ?>
29 <form name="ss360_settings" method="post" action="<?php echo $requestUri; ?>">
30 <?php wp_nonce_field(); ?>
31 <input type="hidden" name="action" value="ss360_saveConfiguration">