Project: Wordpress Plugin WP-Stateless – Google Cloud Storage 2.3.2

Vulnerability: #9253673 (2020-04-26 11:14:06)

Warning

Many findings are false positives or are not exploitable in practice. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink Standard::file_get_contents
Risk _ENV
/home/redeemer/phpsourcerer/src/PhpSourcerer/Simulator/Stubs/Standard.php:110
Threat level 0

Callstack:

wpCloud\StatelessMedia\Settings::refresh /wp-stateless/lib/classes/class-settings.php:236
216                  break;
217                /* Look using WP root. */
218                case (file_exists( ABSPATH . $key_file_path ) ):
219                  $key_file_path = ABSPATH . $key_file_path;
220                  break;
221                /* Look in wp-content dir */
222                case (file_exists( WP_CONTENT_DIR . $key_file_path ) ):
223                  $key_file_path = WP_CONTENT_DIR . $key_file_path;
224                  break;
225                /* Look in uploads dir */
226                case (file_exists( wp_normalize_path( $upload_dir[ 'basedir' ] ) . '/' . $key_file_path ) ):
227                  $key_file_path = wp_normalize_path( $upload_dir[ 'basedir' ] ) . '/' . $key_file_path;
228                  break;
229                /* Look using Plugin root */
230                case (file_exists(ud_get_stateless_media()->path( $key_file_path, 'dir') ) ):
231                  $key_file_path = ud_get_stateless_media()->path( $key_file_path, 'dir' );
232                  break;
233  
234              }
235              if(is_readable($key_file_path)) {
236 $this->set( 'sm.key_json', file_get_contents($key_file_path) );
237 if(defined('WP_STATELESS_MEDIA_KEY_FILE_PATH')) 238 $this->set( "sm.readonly.key_json", "constant" );
wpCloud\StatelessMedia\Bootstrap::on_switch_blog /wp-stateless/lib/classes/class-bootstrap.php:407
387          return $fileLink;
388        }
389  
/**
 * Build the admin URL of the plugin's settings page.
 *
 * Points at 'network/settings.php' when is_network_admin() is true and at
 * 'upload.php' otherwise, for the blog returned by get_current_blog_id().
 *
 * @param string $path Suffix appended verbatim to the admin URL.
 * @return string Admin URL followed by $path.
 */
public function get_settings_page_url( $path = '' ) {
  $blog_id = get_current_blog_id();
  $screen  = is_network_admin() ? 'network/settings.php' : 'upload.php';

  // $path is concatenated as-is; nothing here escapes or validates it, so a
  // caller that prints the result has to escape it for its output context.
  return get_admin_url( $blog_id, $screen ) . $path;
}
400  
/**
 * Reload the plugin settings after the current blog has been switched.
 *
 * Neither argument is read here; the body only calls refresh() on
 * $this->settings.
 *
 * NOTE(review): the call stack quoted on this page shows Settings::refresh()
 * reaching file_get_contents( $key_file_path ) at class-settings.php:236, so a
 * blog switch can re-read the key file from disk. In the excerpt, that path is
 * resolved by file_exists() probes against ABSPATH, WP_CONTENT_DIR, the uploads
 * basedir and the plugin directory - not from $new_blog or $prev_blog_id.
 * Confirm where $key_file_path originates before treating the sink as
 * reachable, and check that a key file kept under wp-content or uploads
 * cannot be fetched over HTTP.
 *
 * @param mixed $new_blog     Not used by this method.
 * @param mixed $prev_blog_id Not used by this method.
 */
public function on_switch_blog( $new_blog, $prev_blog_id ) {
  $settings = $this->settings;
  $settings->refresh();
}