Project: Wordpress Plugin VerticalResponse Newsletter Widget 1.6

Vulnerability: #7524902 (2018-02-13 19:17:43)

Warning

Many reported findings are false positives or unexploitable. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink PHP::echo
Risk _POST
/vertical-response-newsletter-widget/vertical-response-widget.php:264
244  		
245  	}
246  	if ($_POST['vr_form_submit']) {
247  		$options['title']=strip_tags($_POST["vr_form_title"]);
248  		$options['code']=strip_tags($_POST["vr_form_code"]);
249  #		$options['legend']=strip_tags(stripslashes($_POST["vr_form_legend"]));
250  		$options['showlegend']=strip_tags($_POST["vr_display_legend"]);
251  		$options['preface']=strip_tags($_POST["vr_form_preface"]);
252  		$options['button']=strip_tags($_POST["vr_form_button"]);
253  		$options['wrap']=strip_tags($_POST["vr_form_wrap"]);
254  		$options['defaultstyle'] = strip_tags($_POST["vr_defaultstyle"]);
255  		$options['showname'] = strip_tags($_POST["vr_showname"]);
256  		$options['required'] = strip_tags($_POST["vr_required"]);
257  		$options['show_vr_code'] = strip_tags($_POST["vr_show_vr_code"]);
258  		$options['credit'] = strip_tags(stripslashes($_POST["vr_credit"]));
259  		$options['border_color'] = strip_tags(stripslashes($_POST["vr_border_color"]));
260  		$options['bg_color'] = strip_tags(stripslashes($_POST["vr_bg_color"]));
261  		$options['font_color'] = strip_tags(stripslashes($_POST["vr_font_color"]));
262  		$options['label_color'] = strip_tags(stripslashes($_POST["vr_label_color"]));
263  		$options['button_bg_color'] = strip_tags(stripslashes($_POST["vr_button_bg_color"]));
264  		$options['button_font_color'] = strip_tags(stripslashes($_POST["vr_button_font_color"]));
265  		$options['button_border_color'] = strip_tags(stripslashes($_POST["vr_button_border_color"]));
266  		$options['border_width'] = strip_tags(stripslashes($_POST["vr_border_width"]));
Threat level 2

Callstack:

@FUNCTION::widget_vr_options /vertical-response-newsletter-widget/vertical-response-widget.php:399
379  		  Change the color of widget text.
380  		</label>
381  		  <input style="width: 100%; margin-bottom:1em;" id="vr_font_color" name="vr_font_color" type="text" value="<?php echo htmlspecialchars(stripslashes($options['font_color'])); ?>" />
382  		
383  		  <br /> 
384  		 <label for="vr_label_color"><strong><?php _e('Form Label Color:'); ?></strong><br />
385  		  Change the color of widget labels (next to input fields).
386  		</label>
387  		  <input style="width: 100%; margin-bottom:1em;" id="vr_label_color" name="vr_label_color" type="text" value="<?php echo htmlspecialchars(stripslashes($options['label_color'])); ?>" />
388  		  
389  		  <br /> 
390  		 <label for="vr_button_bg_color"><strong><?php _e('Button Color:'); ?></strong><br />
391  		 Change the color of the button's background.
392  		</label>
393  		  <input style="width: 100%; margin-bottom:1em;" id="vr_button_bg_color" name="vr_button_bg_color" type="text" value="<?php echo htmlspecialchars(stripslashes($options['button_bg_color'])); ?>" />
394  		  
395  		  <br /> 
396  		 <label for="vr_button_font_color"><strong><?php _e('Button Text Color:'); ?></strong><br />
397  		  Change the color for the button's text.
398  		</label>
399  		  <input style="width: 100%; margin-bottom:1em;" id="vr_button_font_color" name="vr_button_font_color" type="text" value="<?php echo htmlspecialchars(stripslashes($options['button_font_color'])); ?>" />
400  		  
401  		  <br />