Warning

There are many false positives, or unexploitable vulnerabilities. Please create working "PoC" exploit before reporting anything to vendor!

Details:

Sink fake_wpdb::insert
Risk _POST
/social-booster/admin/class-rx-sb-ajax.php:60 (show/hide source)
40            if ($info->network == 'facebook') {
41              $data_post = $facebook->sb_send_feed_to_facebook($postid, $info->profile_id, $info->id, $message, $post_permalink);
42            }
43            if ($info->network == 'twitter') {
44              $data_post = $twitter->sb_send_feed_to_twitter($postid, $info->profile_id, $info->id, $message, $post_permalink);
45            }
46            if ($info->network == 'tumblr') {
47              $data_post = $tumblr->sb_send_feed_to_tumblr($postid, $info->profile_id, $info->id, $message, $post_permalink);
48            }
49          }
50        }
51      }
52      die();
53    }
54  
55    /*
56     * Schedule post
57     */
58    function rx_sb_schedule() {
59  
60 $postid = sanitize_text_field($_POST['postid']);
61 $post_status = get_post_status($postid); 62 if ($post_status != 'publish') {
Threat level 2

Callstack:

Rx_Sb_Ajax::rx_sb_schedule /social-booster/admin/class-rx-sb-ajax.php:146 (show/hide source)
126                  $data_post = $reddit->sb_send_feed_to_reddit($postid, $info->profile_id, $info->id, $message, $post_permalink);
127                }
128              }
129            }
130          }
131        }
132        elseif($schedule == 'none') {
133          if ($_POST['scdatetime'] != "none") {
134            if (!in_array($info->id, $media)) {
135              if ($info->auth_status == 'active' && $info->auth_con == 'active') {
136                if(array_key_exists($info->network, $premium_networks)) {
137                  $wpdb->insert(
138                      $schedule_table,
139                      array(
140                          'post_id' => $postid,
141                          'post_meta' => $post_meta,
142                          'profile_id' => $info->profile_id,
143                          'network_id' => $info->id,
144                          'share_type' => 'scheduled',
145                          'schedule_type' => $schedule,
146 'schedule_time' => $schedule_time,
147 ) 148 );