Project: WordPress Plugin VerticalResponse Newsletter Widget 1.6

Vulnerability: #7524896 (2018-02-13 19:17:43)

Warning

Many of these findings are false positives or unexploitable. Build a working proof-of-concept (PoC) exploit before reporting anything to the vendor!

Details:

Sink PHP::echo
Risk _POST
/vertical-response-newsletter-widget/vertical-response-widget.php:252
232  			'show_vr_code' => 'yes', 
233  			'credit' => 'yes', 
234  			'border_color'=>'#999999', 
235  			'bg_color'=>'#dddddd', 
236  			'font_color'=>'black', 
237  			'label_color'=>'#333333', 
238  			'button_border_color'=>'#999999',
239  			'button_bg_color'=>'#c0c0c0',
240  			'button_font_color'=>'#333333',
241  			'border_width'=>'1',
242  #			'legend' => '',
243  		);
244  		
245  	}
246  	if ($_POST['vr_form_submit']) {
247  		$options['title']=strip_tags($_POST["vr_form_title"]);
248  		$options['code']=strip_tags($_POST["vr_form_code"]);
249  #		$options['legend']=strip_tags(stripslashes($_POST["vr_form_legend"]));
250  		$options['showlegend']=strip_tags($_POST["vr_display_legend"]);
251  		$options['preface']=strip_tags($_POST["vr_form_preface"]);
252  		$options['button']=strip_tags($_POST["vr_form_button"]);
253  		$options['wrap']=strip_tags($_POST["vr_form_wrap"]);
254  		$options['defaultstyle'] = strip_tags($_POST["vr_defaultstyle"]);
Threat level 2

Callstack:

@FUNCTION::widget_vr_options /vertical-response-newsletter-widget/vertical-response-widget.php:324
304  		  <textarea style="width: 100%; margin-bottom:1em;" id="vr_form_preface" name="vr_form_preface" rows="5"><?php echo htmlspecialchars(stripslashes($options['preface'])); ?></textarea>
305  		 
306  		 <label for="vr_form_wrap">
307  		  <strong><?php _e('Wrap Text in:'); ?></strong><br />
308  		  By default, the text will be wrapped in a paragraph (<code>&lt;p&gt;</code>). <em>Note: Do not include brackets</em>.
309  		</label>
310  		  <input style="width: 100%; margin-bottom:1em;" id="vr_form_wrap" name="vr_form_wrap" type="text" value="<?php echo htmlspecialchars(stripslashes($options['wrap'])); ?>" /> 
311  
312  
313  <!--
314  		 <label for="vr_form_legend">
315  		  <strong><?php _e('Form Name'); ?></strong><br />
316  		  Leave empty to hide. Otherwise, it will be a form <code>&lt;legend&gt;</code>
317  		</label>
318  		  <input style="width: 100%; margin-bottom:1em;" id="vr_form_legend" name="vr_form_legend" type="text" value="<?php echo htmlspecialchars(stripslashes($options['legend'])); ?>" />			 
319  -->
320  		 
321  		<label for="vr_form_button">
322  		  <strong><?php _e('Submit Button Text:'); ?></strong>
323  		</label>
324  		  <input style="width: 100%; margin-bottom:1em;" id="vr_form_button" name="vr_form_button" type="text" value="<?php echo htmlspecialchars(stripslashes($options['button'])); ?>" />
325  		<hr />
326  		<h2>Style Settings</h2>
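Practitioner's check, with an added script written for this page (it is not the plugin's own code): at line 252 the posted value passes through strip_tags() before it is stored, and at the flagged sink (line 324) it is run through htmlspecialchars() and placed inside a double-quoted value="..." attribute. htmlspecialchars() turns both < and " into entities, so a payload can neither close the attribute nor open a tag there; the echo at line 324 is not a working XSS, and this flow is the kind of false positive the warning at the top refers to. A real finding would have to come from another echo site of $options['button'] that is not part of this callstack (for example the front-end widget output), and that site has to be reviewed on its own. One caveat worth keeping in mind: the plugin calls htmlspecialchars() with no flags, and before PHP 8.1 the default (ENT_COMPAT) leaves single quotes alone, so the same sanitiser chain would not protect a single-quoted attribute. The script replays both cases against constructed payloads; the $quote and $flags parameters, the attribute_breakout() helper and the payload list are this example's own assumptions, not anything from the report.

```php
<?php
declare(strict_types=1);

/* Mirrors line 252 of the report: what ends up in $options['button']. */
function store_button(string $post_value): string
{
    return strip_tags($post_value);
}

/* Mirrors line 324: the stored value echoed into the value="..." attribute.
 * $quote and $flags exist only in this example so the same chain can be
 * tried against a different attribute context; the plugin hard-codes a
 * double quote and calls htmlspecialchars() with no flags. ENT_COMPAT is
 * the pre-8.1 default (8.1+ defaults to ENT_QUOTES | ENT_SUBSTITUTE). */
function render_button_input(string $stored, string $quote = '"', int $flags = ENT_COMPAT): string
{
    $escaped = htmlspecialchars(stripslashes($stored), $flags);
    return '<input id="vr_form_button" name="vr_form_button" type="text" value='
        . $quote . $escaped . $quote . ' />';
}

/* Breakout check: did an unescaped attribute delimiter or '<' survive inside
 * the rendered value? True means a PoC is plausible; false means this sink
 * holds for that payload. The last delimiter is taken as the real end of the
 * attribute so an injected one is counted as part of the value. */
function attribute_breakout(string $html, string $quote = '"'): bool
{
    $prefix = 'value=' . $quote;
    $start  = strpos($html, $prefix) + strlen($prefix);
    $end    = strrpos($html, $quote . ' />');
    $value  = substr($html, $start, $end - $start);
    return strpos($value, $quote) !== false || strpos($value, '<') !== false;
}

/* Constructed payloads (not taken from the report). */
$payloads = [
    'Subscribe',                              // benign control value
    '"><script>alert(1)</script>',            // close the attribute, open a tag
    '" onfocus="alert(1)" autofocus="',       // stay in the tag, add a handler
    "' onfocus='alert(1)' autofocus='",       // same idea with single quotes
    '<img src=x onerror=alert(1)>',           // a bare tag, eaten by strip_tags
];

echo "Sink as written (double-quoted attribute):\n";
foreach ($payloads as $p) {
    $html = render_button_input(store_button($p));
    printf("  %-36s breakout=%s\n", $p, attribute_breakout($html) ? 'YES' : 'no');
}

echo "\nSame chain into a single-quoted attribute with ENT_COMPAT (hypothetical sink):\n";
foreach ($payloads as $p) {
    $html = render_button_input(store_button($p), "'", ENT_COMPAT);
    printf("  %-36s breakout=%s\n", $p, attribute_breakout($html, "'") ? 'YES' : 'no');
}
```

Run it with `php check.php`. Against the plugin's actual double-quoted attribute every payload reports breakout=no: strip_tags() removes whole tags, and htmlspecialchars() entity-encodes the stray " and > that remain. In the hypothetical single-quoted context only the single-quote payload reports YES, because ENT_COMPAT does not touch the ' character; that is the case to look for if $options['button'] is echoed anywhere else in the plugin with a different quoting style.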