Project: Wordpress Plugin WP-Stateless – Google Cloud Storage 2.3.2

Vulnerability: #9253629 (2020-04-26 11:05:12)

Warning

Many of the findings are false positives or unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink: Standard::is_readable
Risk: _ENV
/home/redeemer/phpsourcerer/src/PhpSourcerer/Simulator/Stubs/Standard.php:110
Threat level: 0

Callstack:

wpCloud\StatelessMedia\Settings::refresh /wp-stateless/lib/classes/class-settings.php:235
215                  /* Path is correct. Do nothing */
216                  break;
217                /* Look using WP root. */
218                case (file_exists( ABSPATH . $key_file_path ) ):
219                  $key_file_path = ABSPATH . $key_file_path;
220                  break;
221                /* Look in wp-content dir */
222                case (file_exists( WP_CONTENT_DIR . $key_file_path ) ):
223                  $key_file_path = WP_CONTENT_DIR . $key_file_path;
224                  break;
225                /* Look in uploads dir */
226                case (file_exists( wp_normalize_path( $upload_dir[ 'basedir' ] ) . '/' . $key_file_path ) ):
227                  $key_file_path = wp_normalize_path( $upload_dir[ 'basedir' ] ) . '/' . $key_file_path;
228                  break;
229                /* Look using Plugin root */
230                case (file_exists(ud_get_stateless_media()->path( $key_file_path, 'dir') ) ):
231                  $key_file_path = ud_get_stateless_media()->path( $key_file_path, 'dir' );
232                  break;
233  
234              }
235 if(is_readable($key_file_path)) {
236 $this->set( 'sm.key_json', file_get_contents($key_file_path) ); 237 if(defined('WP_STATELESS_MEDIA_KEY_FILE_PATH'))
wpCloud\StatelessMedia\Settings::__construct /wp-stateless/lib/classes/class-settings.php:71
51        public function __construct() {
52  
53          add_action('admin_menu', array( $this, 'admin_menu' ));
54  
55          
56          $this->save_media_settings();
57          
58  
59          /* Add 'Settings' link for SM plugin on plugins page. */
60          $_basename = plugin_basename( ud_get_stateless_media()->boot_file );
61  
62          parent::__construct( array(
63            'store'       => 'options',
64            'format'      => 'json',
65            'data'        => array(
66              'sm' => array()
67            )
68          ));
69          
70          // Setting sm variable
71 $this->refresh();
72 73 /**