Project: Github cabrerahector/wordpress-popular-posts 20190308

Vulnerability: #9250345 (2019-03-08 01:21:03)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create working "PoC" exploit before reporting anything to vendor!

Details:

Sink PHP::echo
Risk _GET
/wordpress-popular-posts-master/admin/partials/admin.php:14
1  <?php
2  if ( basename($_SERVER['SCRIPT_NAME']) == basename(__FILE__) )
3      exit( 'Please do not load this page directly' );
4  
5  $tabs = array(
6      'stats' => __( 'Stats', 'wordpress-popular-posts' ),
7      'tools' => __( 'Tools', 'wordpress-popular-posts' ),
8      'params' => __( 'Parameters', 'wordpress-popular-posts' ),
9      'debug' => 'Debug'
10  );
11  
12  // Set active tab
13  if ( isset( $_GET['tab'] ) && isset( $tabs[$_GET['tab']] ) )
14      $current = $_GET['tab'];
15  else
16      $current = 'stats';
Threat level 2

Callstack:

@INLINE::/wordpress-popular-posts-master/admin/partials/admin.php /wordpress-popular-posts-master/admin/partials/admin.php:260
240                              response = "<?php /*translators: Special characters (such as accents) must be replaced with Javascript Octal codes (eg. \341 is the Octal code for small a with acute accent) */ _e( 'Invalid action.', 'wordpress-popular-posts' ); ?>";
241                              break;
242                      }
243  
244                      alert( response );
245                  }
246              );
247          }
248      }
249  </script>
250  
251  <nav id="wpp-menu">
252      <ul>
253          <li><a href="#" title="<?php esc_attr_e( 'Menu' ); ?>"><span><?php _e( 'Menu' ); ?></span></a></li>
254          <li<?php echo ( 'stats' == $current ) ? ' class="current"' : ''; ?>><a href="<?php echo admin_url( 'options-general.php?page=wordpress-popular-posts&tab=stats' ); ?>" title="<?php esc_attr_e( 'Stats', 'wordpress-popular-posts' ); ?>"><span><?php _e( 'Stats', 'wordpress-popular-posts' ); ?></span></a></li>
255          <li<?php echo ( 'tools' == $current ) ? ' class="current"' : ''; ?>><a href="<?php echo admin_url( 'options-general.php?page=wordpress-popular-posts&tab=tools' ); ?>" title="<?php esc_attr_e( 'Tools', 'wordpress-popular-posts' ); ?>"><span><?php _e( 'Tools', 'wordpress-popular-posts' ); ?></span></a></li>
256          <li<?php echo ( 'params' == $current ) ? ' class="current"' : ''; ?>><a href="<?php echo admin_url( 'options-general.php?page=wordpress-popular-posts&tab=params' ); ?>" title="<?php esc_attr_e( 'Parameters', 'wordpress-popular-posts' ); ?>"><span><?php _e( 'Parameters', 'wordpress-popular-posts' ); ?></span></a></li>
257      </ul>
258  </nav>
259  
260  <div class="wpp-wrapper wpp-section-<?php echo $current; ?>">
261  
262      <div class="wpp-header">