Warning

This report may contain many false positives or unexploitable findings. Please build a working proof-of-concept ("PoC") exploit before reporting anything to the vendor!

Details:

Sink fake_wpdb::insert
Risk _POST
/social-booster/admin/class-rx-sb-ajax.php:60 (show/hide source)
40            if ($info->network == 'facebook') {
41              $data_post = $facebook->sb_send_feed_to_facebook($postid, $info->profile_id, $info->id, $message, $post_permalink);
42            }
43            if ($info->network == 'twitter') {
44              $data_post = $twitter->sb_send_feed_to_twitter($postid, $info->profile_id, $info->id, $message, $post_permalink);
45            }
46            if ($info->network == 'tumblr') {
47              $data_post = $tumblr->sb_send_feed_to_tumblr($postid, $info->profile_id, $info->id, $message, $post_permalink);
48            }
49          }
50        }
51      }
52      die();
53    }
54  
55    /*
56     * Schedule post
57     */
58    function rx_sb_schedule() {
59  
60 $postid = sanitize_text_field($_POST['postid']);
61 $post_status = get_post_status($postid); 62 if ($post_status != 'publish') {
Threat level 2

Callstack:

Rx_Sb_Network::save_shared_posts /social-booster/admin/networks/abstract-class-rx-sb-network.php:59 (show/hide source)
39       */
40      public function sb_register_date() {
41          $date = date('Y-m-d',strtotime('now'));
42          return $date;
43      }
44  
45  
46      public function save_shared_posts($post_id, $profile_id, $network_id, $data_array, $published_date, $share_type = 'instant', $success = true, $error = '') {
47          global $wpdb;
48          $table = $wpdb->prefix . 'sb_shared_posts';
49          $wpdb->insert(
50              $table,
51              array(
52                  'post_id' => $post_id,
53                  'published_date' => $published_date,
54                  'post_meta' => serialize($data_array),
55                  'profile_id' => $profile_id,
56                  'network_id' => $network_id,
57                  'share_type' => $share_type,
58                  'success' => $success,
59 'error_msg' => $error,
60 ) 61 );
Rx_Sb_Facebook::sb_send_feed_to_facebook /social-booster/admin/networks/facebook/class-rx-sb-facebook.php:285 (show/hide source)
265          }
266          if (empty($link)) {
267              unset($data_array['link']);
268          }
269          $ch = curl_init();
270          curl_setopt($ch, CURLOPT_URL,'https://graph.facebook.com/'.$platform_id.'/feed');
271          curl_setopt($ch, CURLOPT_POST, 1);
272          curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data_array));
273          curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
274          $server_output = curl_exec($ch);
275          $error = false;
276          if (curl_error($ch)) {
277              $error = true;
278          }
279          curl_close ($ch);
280          $published_date = $this->sb_register_date();
281          if($error) {
282              $this->save_shared_posts($post_id, $network_id, $id, $data_array, $published_date, $share_type, false, 'Post was not published');
283              return true;
284          }
285 $this->save_shared_posts($post_id, $network_id, $id, $data_array, $published_date, $share_type, true, '');
286 return true; 287 }
Rx_Sb_Ajax::rx_sb_schedule /social-booster/admin/class-rx-sb-ajax.php:176 (show/hide source)
156                        <li class="time">'.$sch_time.'</li>
157                        <li class="recurring-type">'.$schedule.'</li>
158                        <li class="status">
159                          <button class="edit edit-schedule" data-caption="'.$message.'" data-schedule="'.$schedule.'" data-id="'.$schedule_id.'" title="Edit" data-toggle="modal" data-target="#exampleModalCenter"><i class="fa fa-pencil-square"></i></button>
160                          <button class="delete delete-schedule" data-id="'.$schedule_id.'" title="Delete"><i class="fa fa-trash"></i></button>
161                        </li>
162                    </ul>
163                    ';
164                  }
165                }
166                //====Finish html append===//
167              }
168            }
169          }
170        }
171        else {
172          if (!in_array($info->id, $media)) {
173            if ($info->auth_status == 'active' && $info->auth_con == 'active') {
174                if(array_key_exists($info->network, $premium_networks)) {
175                  if ($info->network == 'facebook') {
176 $data_post = $facebook->sb_send_feed_to_facebook($postid, $info->profile_id, $info->id, $message, $post_permalink);
177 } 178 if ($info->network == 'twitter') {