Project: Wordpress Plugin Ultimate Post Type Manager 1.6.9

Vulnerability: #6956605 (2017-12-07 12:25:49)

Warning

There are many false positives or unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink: PHP::echo
Risk: _GET
/ultimate-post-type-manager/cptfields.php:400
380  				}?>
381                </select>
382              <p><?php _e('Input type of the field.','xydac_cpt'); ?></p>
383            </div>
384            <div class="form-field">
385              <label for="field_desc"><?php _e('Field Description','xydac_cpt'); ?></label>
386              <input type="text" name="field_desc" id="field_desc" class="name" value="<?php if($not_inserted) {if(isset($_POST['field_desc']) ) echo $p_fdesc; else if(isset($_GET['field'])) echo $p_fdesc;} ?>">
387              <p><?php _e('Description for The Field','xydac_cpt'); ?></p>
388            </div>
389              <div class="form-field"><?php //@TODO:make values disabled when text is selected ?>
390              <label for="field_val"><?php _e('Field Value','xydac_cpt'); ?></label>
391              <input type="text" name="field_val" id="field_val" class="name" value="<?php if($not_inserted) {if(isset($_POST['field_val']) ) echo $p_fval; else if(isset($_GET['field'])) echo $p_fval;} ?>">
392              <p><?php _e('Enter a comma seperated values to be used for Combo-box, Checkbox, Radio Buttons.For Gallery Enter Width,height as 300px,400px','xydac_cpt'); ?></p>
393            </div>
394  		  <div class="form-field">
395              <label for="field_order"><?php _e('Field Order','xydac_cpt'); ?></label>
396              <input type="text" name="field_order" id="field_order" class="name" value="<?php if($not_inserted) {if(isset($_POST['field_order']) ) echo $p_fval; else if(isset($_GET['field'])) echo $p_forder;} ?>">
397              <p><?php _e('Enter 1,2,3.. order in which you want the Custom Field to appear.','xydac_cpt'); ?></p>
398            </div>
399              <input type="hidden" name="cpt_name" value="<?php echo $t_name; ?>"/>
400 <?php if(isset($_GET['cpt_field'])) { ?><input type="hidden" name="field_name" value="<?php echo $_GET['cpt_field']; ?>"/><?php } ?>
401 402 <p class="submit">
Threat level 2

Callstack:

@FUNCTION::xydac_cpt /ultimate-post-type-manager/cptfields.php:400
380  				}?>
381                </select>
382              <p><?php _e('Input type of the field.','xydac_cpt'); ?></p>
383            </div>
384            <div class="form-field">
385              <label for="field_desc"><?php _e('Field Description','xydac_cpt'); ?></label>
386              <input type="text" name="field_desc" id="field_desc" class="name" value="<?php if($not_inserted) {if(isset($_POST['field_desc']) ) echo $p_fdesc; else if(isset($_GET['field'])) echo $p_fdesc;} ?>">
387              <p><?php _e('Description for The Field','xydac_cpt'); ?></p>
388            </div>
389              <div class="form-field"><?php //@TODO:make values disabled when text is selected ?>
390              <label for="field_val"><?php _e('Field Value','xydac_cpt'); ?></label>
391              <input type="text" name="field_val" id="field_val" class="name" value="<?php if($not_inserted) {if(isset($_POST['field_val']) ) echo $p_fval; else if(isset($_GET['field'])) echo $p_fval;} ?>">
392              <p><?php _e('Enter a comma seperated values to be used for Combo-box, Checkbox, Radio Buttons.For Gallery Enter Width,height as 300px,400px','xydac_cpt'); ?></p>
393            </div>
394  		  <div class="form-field">
395              <label for="field_order"><?php _e('Field Order','xydac_cpt'); ?></label>
396              <input type="text" name="field_order" id="field_order" class="name" value="<?php if($not_inserted) {if(isset($_POST['field_order']) ) echo $p_fval; else if(isset($_GET['field'])) echo $p_forder;} ?>">
397              <p><?php _e('Enter 1,2,3.. order in which you want the Custom Field to appear.','xydac_cpt'); ?></p>
398            </div>
399              <input type="hidden" name="cpt_name" value="<?php echo $t_name; ?>"/>
400 <?php if(isset($_GET['cpt_field'])) { ?><input type="hidden" name="field_name" value="<?php echo $_GET['cpt_field']; ?>"/><?php } ?>
401 402 <p class="submit">