Project: Wordpress Plugin VerticalResponse Newsletter Widget 1.6

Vulnerability: #7524895 (2018-02-13 19:17:43)

Warning

There are many false positives or unexploitable findings. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink PHP::echo
Risk _POST
/vertical-response-newsletter-widget/vertical-response-widget.php:253
233  			'credit' => 'yes', 
234  			'border_color'=>'#999999', 
235  			'bg_color'=>'#dddddd', 
236  			'font_color'=>'black', 
237  			'label_color'=>'#333333', 
238  			'button_border_color'=>'#999999',
239  			'button_bg_color'=>'#c0c0c0',
240  			'button_font_color'=>'#333333',
241  			'border_width'=>'1',
242  #			'legend' => '',
243  		);
244  		
245  	}
246  	if ($_POST['vr_form_submit']) {
247  		$options['title']=strip_tags($_POST["vr_form_title"]);
248  		$options['code']=strip_tags($_POST["vr_form_code"]);
249  #		$options['legend']=strip_tags(stripslashes($_POST["vr_form_legend"]));
250  		$options['showlegend']=strip_tags($_POST["vr_display_legend"]);
251  		$options['preface']=strip_tags($_POST["vr_form_preface"]);
252  		$options['button']=strip_tags($_POST["vr_form_button"]);
253  		$options['wrap']=strip_tags($_POST["vr_form_wrap"]);
254  		$options['defaultstyle'] = strip_tags($_POST["vr_defaultstyle"]);
255  		$options['showname'] = strip_tags($_POST["vr_showname"]);
Threat level 2

Callstack:

@FUNCTION::widget_vr_options /vertical-response-newsletter-widget/vertical-response-widget.php:310
290  	</p>
291  	</div>
292  	<hr />
293  	<h2>Text Settings</h2>
294  	 <p>
295  		 <label for="vr_form_title">
296  		  <strong><?php _e('Title:'); ?></strong>
297  		</label>
298  		  <input style="width: 100%; margin-bottom:1em;" id="vr_form_title" name="vr_form_title" type="text" value="<?php echo htmlspecialchars(stripslashes($options['title'])); ?>" />
299  		  
300  		 <label for="vr_form_preface">
301  		  <strong><?php _e('Text:'); ?></strong>
302  		  <br />Displayed below the Title
303  		</label><br />
304  		  <textarea style="width: 100%; margin-bottom:1em;" id="vr_form_preface" name="vr_form_preface" rows="5"><?php echo htmlspecialchars(stripslashes($options['preface'])); ?></textarea>
305  		 
306  		 <label for="vr_form_wrap">
307  		  <strong><?php _e('Wrap Text in:'); ?></strong><br />
308  		  By default, the text will be wrapped in a paragraph (<code>&lt;p&gt;</code>). <em>Note: Do not include brackets</em>.
309  		</label>
310  		  <input style="width: 100%; margin-bottom:1em;" id="vr_form_wrap" name="vr_form_wrap" type="text" value="<?php echo htmlspecialchars(stripslashes($options['wrap'])); ?>" />