Warning

There are many false positives or unexploitable vulnerabilities in these results. Please build a working proof-of-concept (PoC) exploit before reporting anything to the vendor!

Details:

Sink Standard::header
Risk _SERVER — the request's Origin header ($_SERVER['HTTP_ORIGIN']) is reflected into Access-Control-Allow-Origin at line 108, while line 106 also sends access-control-allow-credentials:true; esc_attr() only HTML-escapes the value and does not restrict which origin is echoed back.
/accelerated-mobile-pages/templates/template-mode/template-mode.php:108 (show/hide source)
88  	}
89  	function amp_comment_mustache_script($data){
90  		if(isset($data['amp_component_scripts']['amp-next-page'])){
91  			unset($data['amp_component_scripts']['amp-next-page']);
92  		}
93  		if ( comments_open()){
94  			if ( empty( $data['amp_component_scripts']['amp-mustache'] ) ) {
95  				$data['amp_component_scripts']['amp-mustache'] = 'https://cdn.ampproject.org/v0/amp-mustache-latest.js';
96  			}
97  			if ( empty( $data['amp_component_scripts']['amp-form'] ) ) {
98  			$data['amp_component_scripts']['amp-form'] = 'https://cdn.ampproject.org/v0/amp-form-latest.js';
99  			}
100  		}
101  		unset($data['amp_component_scripts']['amp-addthis']);
102  		return $data;
103  	}
104  	function amp_theme_ajaxcomments(){
105  		global $redux_builder_amp;
106  		  header("access-control-allow-credentials:true");
107  		  header("access-control-allow-headers:Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token");
108 header("Access-Control-Allow-Origin:".esc_attr($_SERVER['HTTP_ORIGIN']) );
109 $siteUrl = parse_url( get_site_url() ); 110 header("AMP-Access-Control-Allow-Source-Origin:".esc_attr($siteUrl['scheme']) . '://' . esc_attr($siteUrl['host']) );
Threat level 0

Callstack:

AMPforWP_theme_mode::amp_theme_ajaxcomments /accelerated-mobile-pages/templates/template-mode/template-mode.php:108 (show/hide source)
88  	}
89  	function amp_comment_mustache_script($data){
90  		if(isset($data['amp_component_scripts']['amp-next-page'])){
91  			unset($data['amp_component_scripts']['amp-next-page']);
92  		}
93  		if ( comments_open()){
94  			if ( empty( $data['amp_component_scripts']['amp-mustache'] ) ) {
95  				$data['amp_component_scripts']['amp-mustache'] = 'https://cdn.ampproject.org/v0/amp-mustache-latest.js';
96  			}
97  			if ( empty( $data['amp_component_scripts']['amp-form'] ) ) {
98  			$data['amp_component_scripts']['amp-form'] = 'https://cdn.ampproject.org/v0/amp-form-latest.js';
99  			}
100  		}
101  		unset($data['amp_component_scripts']['amp-addthis']);
102  		return $data;
103  	}
104  	function amp_theme_ajaxcomments(){
105  		global $redux_builder_amp;
106  		  header("access-control-allow-credentials:true");
107  		  header("access-control-allow-headers:Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token");
108 header("Access-Control-Allow-Origin:".esc_attr($_SERVER['HTTP_ORIGIN']) );
109 $siteUrl = parse_url( get_site_url() ); 110 header("AMP-Access-Control-Allow-Source-Origin:".esc_attr($siteUrl['scheme']) . '://' . esc_attr($siteUrl['host']) );