Project: WordPress Plugin VerticalResponse Newsletter Widget 1.6

Vulnerability: #7524899 (2018-02-13 19:17:43)

Warning

Many reported findings are false positives or unexploitable vulnerabilities. Please confirm the finding with a working proof-of-concept (PoC) before reporting anything to the vendor.

Details:

Sink: PHP::echo
Risk source: _POST
Location: /vertical-response-newsletter-widget/vertical-response-widget.php:261
241  			'border_width'=>'1',
242  #			'legend' => '',
243  		);
244  		
245  	}
246  	if ($_POST['vr_form_submit']) {
247  		$options['title']=strip_tags($_POST["vr_form_title"]);
248  		$options['code']=strip_tags($_POST["vr_form_code"]);
249  #		$options['legend']=strip_tags(stripslashes($_POST["vr_form_legend"]));
250  		$options['showlegend']=strip_tags($_POST["vr_display_legend"]);
251  		$options['preface']=strip_tags($_POST["vr_form_preface"]);
252  		$options['button']=strip_tags($_POST["vr_form_button"]);
253  		$options['wrap']=strip_tags($_POST["vr_form_wrap"]);
254  		$options['defaultstyle'] = strip_tags($_POST["vr_defaultstyle"]);
255  		$options['showname'] = strip_tags($_POST["vr_showname"]);
256  		$options['required'] = strip_tags($_POST["vr_required"]);
257  		$options['show_vr_code'] = strip_tags($_POST["vr_show_vr_code"]);
258  		$options['credit'] = strip_tags(stripslashes($_POST["vr_credit"]));
259  		$options['border_color'] = strip_tags(stripslashes($_POST["vr_border_color"]));
260  		$options['bg_color'] = strip_tags(stripslashes($_POST["vr_bg_color"]));
261 $options['font_color'] = strip_tags(stripslashes($_POST["vr_font_color"]));
262 $options['label_color'] = strip_tags(stripslashes($_POST["vr_label_color"])); 263 $options['button_bg_color'] = strip_tags(stripslashes($_POST["vr_button_bg_color"]));
Threat level 2

Callstack (note that the echo at line 381 below passes the stored value through htmlspecialchars() into a double-quoted attribute, so exploitability must be confirmed before reporting):

@FUNCTION::widget_vr_options /vertical-response-newsletter-widget/vertical-response-widget.php:381
361  			  <option value="6">6 px</option>
362  			  <option value="7">7 px</option>
363  			  <option value="8">8 px</option>
364  			  <option value="9">9 px</option>
365  			  <option value="10">10 px</option>
366  			  <option value="11">11 px</option>
367  			  <option value="12">12 px</option>
368  			  <option value="13">13 px</option>
369  			  <option value="14">14 px</option>
370  			  <option value="15">15 px</option>
371  			  <option value="16">16 px</option>
372  			  <option value="17">17 px</option>
373  			  <option value="18">18 px</option>
374  			  <option value="19">19 px</option>
375  			  <option value="20">20 px</option>
376  			</select></div>
377  		  <br /> 
378  		 <label for="vr_font_color"><strong><?php _e('Text Color:'); ?></strong><br />
379  		  Change the color of widget text.
380  		</label>
381 <input style="width: 100%; margin-bottom:1em;" id="vr_font_color" name="vr_font_color" type="text" value="<?php echo htmlspecialchars(stripslashes($options['font_color'])); ?>" />
382 383 <br />