Project: Wordpress Plugin WP-Stateless – Google Cloud Storage 2.3.2

Vulnerability: #9253643 (2020-04-26 11:05:45)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create working "PoC" exploit before reporting anything to vendor!

Details:

Sink Standard::file_get_contents
Risk _ENV
/home/redeemer/phpsourcerer/src/PhpSourcerer/Simulator/Stubs/Standard.php:110 (show/hide source)
Threat level 0

Callstack:

wpCloud\StatelessMedia\Settings::refresh /wp-stateless/lib/classes/class-settings.php:236 (show/hide source)
216                  break;
217                /* Look using WP root. */
218                case (file_exists( ABSPATH . $key_file_path ) ):
219                  $key_file_path = ABSPATH . $key_file_path;
220                  break;
221                /* Look in wp-content dir */
222                case (file_exists( WP_CONTENT_DIR . $key_file_path ) ):
223                  $key_file_path = WP_CONTENT_DIR . $key_file_path;
224                  break;
225                /* Look in uploads dir */
226                case (file_exists( wp_normalize_path( $upload_dir[ 'basedir' ] ) . '/' . $key_file_path ) ):
227                  $key_file_path = wp_normalize_path( $upload_dir[ 'basedir' ] ) . '/' . $key_file_path;
228                  break;
229                /* Look using Plugin root */
230                case (file_exists(ud_get_stateless_media()->path( $key_file_path, 'dir') ) ):
231                  $key_file_path = ud_get_stateless_media()->path( $key_file_path, 'dir' );
232                  break;
233  
234              }
235              if(is_readable($key_file_path)) {
236 $this->set( 'sm.key_json', file_get_contents($key_file_path) );
237 if(defined('WP_STATELESS_MEDIA_KEY_FILE_PATH')) 238 $this->set( "sm.readonly.key_json", "constant" );
wpCloud\StatelessMedia\Settings::reset /wp-stateless/lib/classes/class-settings.php:275 (show/hide source)
255            $_option = 'sm_' . $option;
256  
257            if($network && current_user_can('manage_network')){
258              delete_site_option($_option);
259              delete_option($_option);
260            }
261            else{
262              delete_option($_option);
263            }
264          }
265  
266          foreach ($this->network_only_settings as $option => $array) {
267            $_option = 'sm_' . $option;
268            if($network && current_user_can('manage_network')){
269              delete_site_option($_option);
270              delete_option($_option);
271            }
272          }
273          
274          $this->set('sm', []);
275 $this->refresh();
276 } 277