Project: Wordpress Plugin YITH WooCommerce Wishlist 2.2.0

Vulnerability: #7371194 (2018-01-12 23:22:17)

Warning

Many of these findings are false positives or unexploitable. Please build a working proof-of-concept ("PoC") exploit before reporting anything to the vendor!

Details:

Sink PHP::echo
Risk _GET
/yith-woocommerce-wishlist/plugin-fw/lib/yit-plugin-panel.php:498
478  
479  
480          /**
481           * Get current tab
482           *
483           * Get the id of the tab shown; returns general if the current tab is not defined
484           *
485           * @return string
486           * @since  1.0
487           * @author Emanuela Castorina <emanuela.castorina@yithemes.it>
488           */
489          function get_current_tab() {
490              $admin_tabs = array_keys( $this->settings[ 'admin-tabs' ] );
491  
492              if ( !isset( $_GET[ 'page' ] ) || $_GET[ 'page' ] != $this->settings[ 'page' ] ) {
493                  return false;
494              }
495              if ( isset( $_REQUEST[ 'yit_tab_options' ] ) ) {
496                  return $_REQUEST[ 'yit_tab_options' ];
497              } elseif ( isset( $_GET[ 'tab' ] ) && isset( $this->_tabs_path_files[ $_GET[ 'tab' ] ] ) ) {
498 return $_GET[ 'tab' ];
499 } elseif ( isset( $admin_tabs[ 0 ] ) ) { 500 return $admin_tabs[ 0 ];
Threat level 2

Callstack:

YIT_Plugin_Panel::yit_panel /yith-woocommerce-wishlist/plugin-fw/lib/yit-plugin-panel.php:379
359              $custom_tab_action = $this->is_custom_tab( $yit_options, $current_tab );
360              if ( $custom_tab_action ) {
361                  $this->print_custom_tab( $custom_tab_action );
362  
363                  return;
364              }
365              ?>
366              <?php $this->print_video_box(); ?>
367              <?php
368              $panel_content_class = apply_filters( 'yit_admin_panel_content_class', 'yit-admin-panel-content-wrap' );
369              ?>
370              <div id="wrap" class="yith-plugin-fw plugin-option yit-admin-panel-container">
371                  <?php $this->message(); ?>
372                  <div class="<?php echo $panel_content_class; ?>">
373                      <h2><?php echo $this->get_tab_title() ?></h2>
374                      <?php if ( $this->is_show_form() ) : ?>
375                          <form id="yith-plugin-fw-panel" method="post" action="options.php">
376                              <?php do_settings_sections( 'yit' ); ?>
377                              <p>&nbsp;</p>
378                              <?php settings_fields( 'yit_' . $this->settings[ 'parent' ] . '_options' ); ?>
379 <input type="hidden" name="<?php echo $this->get_name_field( 'current_tab' ) ?>" value="<?php echo esc_attr( $current_tab ) ?>"/>
380 <input type="submit" class="button-primary" value="<?php _e( 'Save Changes', 'yith-plugin-fw' ) ?>" style="float:left;margin-right:10px;"/> 381 </form>