Warning

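Many of the findings are false positives or vulnerabilities that cannot be exploited. A finding only records that request data (here `$_POST`) reaches a sink; it does not show that the sink is injectable — `wpdb::insert()`, for instance, escapes the values it is given rather than concatenating them into the query. Please create a working proof-of-concept (PoC) exploit before reporting anything to the vendor!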

Details:

Sink fake_wpdb::insert
Risk _POST
/social-booster/admin/class-rx-sb-ajax.php:60
40            if ($info->network == 'facebook') {
41              $data_post = $facebook->sb_send_feed_to_facebook($postid, $info->profile_id, $info->id, $message, $post_permalink);
42            }
43            if ($info->network == 'twitter') {
44              $data_post = $twitter->sb_send_feed_to_twitter($postid, $info->profile_id, $info->id, $message, $post_permalink);
45            }
46            if ($info->network == 'tumblr') {
47              $data_post = $tumblr->sb_send_feed_to_tumblr($postid, $info->profile_id, $info->id, $message, $post_permalink);
48            }
49          }
50        }
51      }
52      die();
53    }
54  
55    /*
56     * Schedule post
57     */
58    function rx_sb_schedule() {
59  
60 $postid = sanitize_text_field($_POST['postid']);
61 $post_status = get_post_status($postid); 62 if ($post_status != 'publish') {
Threat level 2

Callstack:

Rx_Sb_Ajax::rx_sb_schedule /social-booster/admin/class-rx-sb-ajax.php:201
181                  if ($info->network == 'tumblr') {
182                    $data_post = $tumblr->sb_send_feed_to_tumblr($postid, $info->profile_id, $info->id, $message, $post_permalink);
183                  }
184                  if ($info->network == 'linkedin') {
185                    $linkedin = new Rx_Sb_Linkedin();
186                    $data_post = $linkedin->sb_send_feed_to_linkedin($postid, $info->profile_id, $info->id, $message, $post_permalink);
187                  }
188                  if ($info->network == 'reddit') {
189                    $reddit = new Rx_Sb_Reddit();
190                    $data_post = $reddit->sb_send_feed_to_reddit($postid, $info->profile_id, $info->id, $message, $post_permalink);
191                  }
192                  $wpdb->insert(
193                      $schedule_table,
194                      array(
195                          'post_id' => $postid,
196                          'post_meta' => $post_meta,
197                          'profile_id' => $info->profile_id,
198                          'network_id' => $info->id,
199                          'share_type' => 'scheduled',
200                          'schedule_type' => $schedule,
201 'schedule_time' => $schedule_time,
202 ) 203 );