Project: Wordpress Plugin WP-Stateless – Google Cloud Storage 2.3.2

Vulnerability: #9253639 (2020-04-26 11:05:36)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create working "PoC" exploit before reporting anything to vendor!

Details:

Sink PHP::echo
Risk _SERVER
/wp-stateless/static/views/setup_wizard_interface.php:2 (show/hide source)
1  <?php
2 $server_name = $_SERVER['HTTP_HOST']?$_SERVER['HTTP_HOST']: $_SERVER["SERVER_NAME"];
3 $id = str_replace('.', '-', $server_name); 4 $project_name = trim(substr($id, 0, 30), '-');
Threat level 0

Callstack:

@INLINE::/wp-stateless/static/views/setup_wizard_interface.php /wp-stateless/static/views/setup_wizard_interface.php:121 (show/hide source)
101                                                      </div>
102                                                      <div class="error"></div>
103                                                  </div>
104                                              </div>
105                                              <div class="wpStateLess-single-step-input">
106                                                  <label for="">
107                                                      <h4><?php _e( 'Google Cloud Bucket', ud_get_stateless_media()->domain ); ?></h4>
108                                                      <p><?php _e( 'By default we create a new bucket for you, or if you prefer, select an existing bucket.', ud_get_stateless_media()->domain ); ?></p>
109                                                  </label>
110                                                  <div class="wpStateLess-combo-box bucket">
111                                                      <input type="text" class="name" value="<?php echo $bucket_id;?>" placeholder="Select or Create New Bucket">
112                                                      <div class="circle-loader">
113                                                          <div class="checkmark draw"></div>
114                                                      </div>
115                                                      <div class="wpStateLess-input-dropdown">
116                                                          <div class="wpStateLess-create-new">
117                                                              <h5><?php _e( 'Create New Bucket', ud_get_stateless_media()->domain ); ?></h5>
118                                                              <ul>
119                                                                  <li class="custom-name"></li>
120                                                                  <li class="project-derived-name"></li>
121 <li class="predefined-name active" data-id="<?php echo $bucket_id?>" data-name="<?php echo $bucket_id?>">
122 <?php echo $bucket_id;?> 123 </li>