Project: Wordpress Plugin XML Import 1.0.4

Vulnerability: #7371197 (2018-01-12 23:54:10)

Warning

This report contains many false positives and findings that are not exploitable. Please confirm a finding with a working "PoC" exploit before reporting anything to the vendor!

Details:

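Sink Standard::preg_replace
Risk _POST

Data flow, as far as the excerpts below show it: save_map() assigns $_POST['root'] to $this->root (line 1097), and import_map() concatenates $this->root into the preg_replace pattern at line 863 after escaping only the '/' delimiter with str_replace. Any other regex metacharacter in the value is therefore interpreted as pattern syntax rather than as literal text. How the value is carried from save_map() to import_map() is not visible here and should be confirmed in the full source. Building the pattern with preg_quote( $this->root, '/' ) would keep the value literal. The visible part of save_map() (lines 1083-1098) shows no nonce or capability check before the POST values are accepted. Whether one exists elsewhere, for example where the handler is registered, cannot be determined from this excerpt. It matters when judging who can reach the sink.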
/xml-import/includes/class-xml-import.php:1097
1077  			add_post_meta( $attach_id, '_wp_attachment_metadata', $img_meta );
1078  			add_post_meta( $attach_id, '_wp_attached_file', $img_meta['file'] );
1079  			add_post_meta( $post_id, $meta_key, $attach_id );
1080  		}
1081  	}
1082  	
1083  	public function save_map() {
1084  		
1085  		$post = $this->fill_feed_info( $_POST['id'] );
1086  		
1087  		if( ! $post ) {
1088  			_e( 'Could not find post', 'xml-import' );
1089  			wp_die();
1090  		}
1091  		
1092  		$map = json_decode( stripslashes( $_POST['map'] ) );
1093  		
1094  		if( $map ) {
1095  			
1096  			$this->type = $_POST['type'];
1097 $this->root = $_POST['root'];
1098 $this->map = $map; 1099
Threat level 1

Callstack:

XML_Import::import_map /xml-import/includes/class-xml-import.php:863
843  			_e( 'Could not download', 'xml-import' );
844  		}
845  		wp_die();
846  	}
847  	
848  	public function import_map() {
849  		$user = wp_get_current_user();
850  		
851  		$post = $this->fill_feed_info( $_POST['id'] );
852  		$offset = (int) $_POST['offset'];
853  		$size = 10;
854  		
855  		if( ! $post ) {
856  			echo '{"error":"' . __( 'Invalid input', 'xml-import' ) . '"}';
857  			wp_die();
858  		}
859  		
860  		$map = array();
861  
862  		foreach( $this->map as $key => $value ) {
863 $map[ $key ] = trim( preg_replace( '/^'.str_replace('/', '\/', $this->root) .'/', '', $value ), '/' );
864 } 865