Project: Wordpress Plugin ZodiacPress 1.5.7

Vulnerability: #7524913 (2018-02-13 19:25:17)

Warning

Many reported findings are false positives or unexploitable; please build a working proof-of-concept exploit before reporting anything to the vendor. For this finding, note that both `$_GET` values echoed at line 82 (`$active_tab` and `$section`) are first checked with `array_key_exists` against the known tab and section keys and then passed through `sanitize_text_field` (lines 24 and 27), so the echoed value is constrained to a known key; confirm that constraint actually holds before treating the echo as exploitable.

Details:

Sink PHP::echo
Risk _GET
/zodiacpress/includes/admin/settings/display-settings.php:27
7   * @copyright   Copyright (c) 2016-2017, Isabel Castillo
8   * @license     http://opensource.org/licenses/gpl-2.0.php GNU Public License
9  */
10  
11  if ( ! defined( 'ABSPATH' ) ) exit;
12  
13  /**
14   * Settings Page
15   *
16   * Renders the settings page contents.
17   *
18   * @return void
19   */
20  function zp_options_page() {
21  
22  	$settings_tabs = zp_get_settings_tabs();
23  	$settings_tabs = empty( $settings_tabs ) ? array() : $settings_tabs;
24  	$active_tab    = isset( $_GET['tab'] ) && array_key_exists( $_GET['tab'], $settings_tabs ) ? sanitize_text_field( $_GET['tab'] ) : 'natal';
25  	$sections      = zp_get_settings_tab_sections( $active_tab );
26  
27 $section = isset( $_GET['section'] ) && ! empty( $sections ) && array_key_exists( $_GET['section'], $sections ) ? sanitize_text_field( $_GET['section'] ) : 'main';
28 ob_start(); 29 ?>
Threat level 2

Callstack:

@FUNCTION::zp_options_page /zodiacpress/includes/admin/settings/display-settings.php:82
62  				$number++;
63  				$tab_url = add_query_arg( array(
64  					'settings-updated' => false,
65  					'tab' => $active_tab,
66  					'section' => $section_id
67  				) );
68  				$class = '';
69  				if ( $section == $section_id ) {
70  					$class = 'current';
71  				}
72  				echo '<a class="' . $class . '" href="' . esc_url( $tab_url ) . '">' . $section_name . '</a>';
73  
74  				if ( $number != $number_of_sections ) {
75  					echo ' | ';
76  				}
77  				echo '</li>';
78  			}
79  			echo '</ul></div>';
80  		}
81  		?>
82 <div id="tab_container" class="<?php echo $active_tab . '_' . $section; ?>">
83 <form method="post" action="options.php"> 84 <?php