Project: Wordpress Plugin Experitus Booking Form 0.4

Vulnerability: #6956614 (2017-12-07 12:52:10)

Warning

Many of these findings are false positives or unexploitable vulnerabilities. Please build a working proof-of-concept (PoC) exploit before reporting anything to the vendor.

Details:

Sink: PHP `echo` — on line 94 the tainted value is written unescaped into the `value` attribute of an `<input>`, so it should be passed through `esc_attr( wp_unslash( … ) )` before output.
Risk (tainted source): `$_GET` — a query-string parameter whose name matches a `hidden_field` item attribute from the plugin's options (line 90) is reflected into the page, so exploitability depends on at least one such attribute being configured.
/experitus-form/includes/views/form.php:94 (show/hide source)
74  							<?php else: ?>
75  								<input class="request_<?php echo $attribute; ?>" value="<?php echo get_input_value($attribute); ?>" type="text" id="request_<?php echo $attribute; ?>" name="Request[<?php echo $attribute; ?>]" />
76  							
77  							<?php endif; ?>
78  							
79  						</div>
80  					<?php endif; ?>
81  					
82  				<?php endforeach; ?>
83  				
84  			</div>
85  			
86  		<?php endforeach; ?>
87  		
88  		<div class="attributes_category" id="<?= $category ?>_category">
89  			<h3><?php echo __( 'Item' ); ?></h3>
90  			<?php foreach ( $this->options['request_attributes']['item'] as $attribute => $data ): ?>
91  				
92  				<?php if ( isset( $data['type'] ) && $data['type'] == 'hidden_field' ): ?>
93  					<?php if ( isset( $_GET[$attribute] ) ): ?>
94 <?php /* review: $_GET[$attribute] is echoed straight into the value attribute with no escaping, so the query string controls raw HTML here (reflected XSS sink); output it as esc_attr( wp_unslash( $_GET[$attribute] ) ) and wrap $attribute (read from plugin options on line 90, not from the request) in esc_attr() as well. */ ?><input class="request_item_<?php echo $attribute; ?>" value="<?php echo $_GET[$attribute]; ?>" type="hidden" id="request_item_0_<?php echo $attribute; ?>" name="RequestItem[0][<?php echo $attribute; ?>]" />
95 <?php endif; ?> 96
Threat level 2

Callstack:

@INLINE::/experitus-form/includes/views/form.php /experitus-form/includes/views/form.php:94 (show/hide source)
74  							<?php else: ?>
75  								<input class="request_<?php echo $attribute; ?>" value="<?php echo get_input_value($attribute); ?>" type="text" id="request_<?php echo $attribute; ?>" name="Request[<?php echo $attribute; ?>]" />
76  							
77  							<?php endif; ?>
78  							
79  						</div>
80  					<?php endif; ?>
81  					
82  				<?php endforeach; ?>
83  				
84  			</div>
85  			
86  		<?php endforeach; ?>
87  		
88  		<div class="attributes_category" id="<?= $category ?>_category">
89  			<h3><?php echo __( 'Item' ); ?></h3>
90  			<?php foreach ( $this->options['request_attributes']['item'] as $attribute => $data ): ?>
91  				
92  				<?php if ( isset( $data['type'] ) && $data['type'] == 'hidden_field' ): ?>
93  					<?php if ( isset( $_GET[$attribute] ) ): ?>
94 <?php /* review: $_GET[$attribute] is echoed straight into the value attribute with no escaping, so the query string controls raw HTML here (reflected XSS sink); output it as esc_attr( wp_unslash( $_GET[$attribute] ) ) and wrap $attribute (read from plugin options on line 90, not from the request) in esc_attr() as well. */ ?><input class="request_item_<?php echo $attribute; ?>" value="<?php echo $_GET[$attribute]; ?>" type="hidden" id="request_item_0_<?php echo $attribute; ?>" name="RequestItem[0][<?php echo $attribute; ?>]" />
95 <?php endif; ?> 96