Warning

Many of these results are false positives or vulnerabilities that cannot be exploited. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

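Sink: PHP::echo (line 73 writes the value to the response without output escaping)
Risk: _POST (the value is read from $_POST['export_layout_data'] on line 72 and passes only through wp_unslash())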
/accelerated-mobile-pages/pagebuilder/inc/adminAjaxContents.php:72 (show/hide source)
52  	}else{
53  		echo json_encode(array('status'=>200, 'Message'=>"Pagebuilder Started successfully"));
54  	}
55  	exit;
56  }
57  
58  add_action( 'wp_ajax_amppb_export_layout_data', 'amppb_export_layout_data');
59  function amppb_export_layout_data(){
60  	if(!wp_verify_nonce( $_REQUEST['verify_nonce'], 'verify_pb' ) ) {
61          echo json_encode(array("status"=>300,"message"=>'Request not valid'));
62          die;
63      }
64  	// Exit if the user does not have proper permissions
65  	if ( ! current_user_can('edit_posts') && ! current_user_can('edit_pages') ) {
66  		echo json_encode(array("status"=>300,"message"=>'User do not have access'));
67          die;
68  	}
69  	header( 'content-type: application/json' );
70  	header( 'Content-Disposition: attachment; filename=layout-' . date( 'dmY' ) . '.json' );
71  	
72 $export_data = wp_unslash( $_POST['export_layout_data'] );
73 echo $export_data; 74
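Threat level 2
Note: the echo on line 73 is reached only after the nonce check (line 60) and the capability check (line 65) have passed, and the response is sent as application/json with an attachment Content-Disposition (lines 69-70). Check how these guards apply before treating this reflected-output finding as exploitable.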

Callstack:

@FUNCTION::amppb_export_layout_data /accelerated-mobile-pages/pagebuilder/inc/adminAjaxContents.php:73 (show/hide source)
53  		echo json_encode(array('status'=>200, 'Message'=>"Pagebuilder Started successfully"));
54  	}
55  	exit;
56  }
57  
58  add_action( 'wp_ajax_amppb_export_layout_data', 'amppb_export_layout_data');
59  function amppb_export_layout_data(){
60  	if(!wp_verify_nonce( $_REQUEST['verify_nonce'], 'verify_pb' ) ) {
61          echo json_encode(array("status"=>300,"message"=>'Request not valid'));
62          die;
63      }
64  	// Exit if the user does not have proper permissions
65  	if ( ! current_user_can('edit_posts') && ! current_user_can('edit_pages') ) {
66  		echo json_encode(array("status"=>300,"message"=>'User do not have access'));
67          die;
68  	}
69  	header( 'content-type: application/json' );
70  	header( 'Content-Disposition: attachment; filename=layout-' . date( 'dmY' ) . '.json' );
71  	
72  	$export_data = wp_unslash( $_POST['export_layout_data'] );
73 echo $export_data;
74 75 wp_die();