Project: Wordpress Plugin Search Engine 0.5.9

Vulnerability: #7989851 (2018-04-16 16:09:10)

Warning

Many findings are false positives or are not exploitable in practice. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

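Sink PHP::echo
Risk _GET
Flow: the request parameter read at line 1197 (`$_GET['s']`, or `$_GET['q']` at line 1195) is stored in `$query` and printed by `echo $query` at line 1284. `stripslashes()` only removes backslashes and does not HTML-encode, so unless `$query` is escaped in the lines not shown here, the value reaches the page as markup (reflected XSS); escaping at the point of output, e.g. `esc_html( $query )`, closes it.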
/search-engine/search-engine.php:1197 (show/hide source)
1177          $result_infobar = $atts[ 'result_infobar' ];
1178          if ( $result_infobar != 1 )
1179              $result_infobar = 0;
1180          $result_url = $atts[ 'result_url' ];
1181          if ( $result_url != 1 )
1182              $result_url = 0;
1183          $output = $atts[ 'output' ];
1184          if ( $output != 1 )
1185              $output = 0;
1186          $return_search = $atts[ 'return_search' ];
1187          if ( $return_search != 1 )
1188              $return_search = 0;
1189      }
1190      if(empty($site_ids)&&empty($template_ids))
1191          return;
1192      include_once SEARCH_ENGINE_DIR.'/classes/Search.class.php';
1193      $query = '';
1194      if(!wp_style_is('search-engine')&&isset($_GET['q']))
1195          $query = stripslashes($_GET['q']);
1196      elseif(isset($_GET['s']))
1197 $query = stripslashes($_GET['s']);
1198 timer_start(); 1199 $search = new Search_Engine_Search($site_ids,$template_ids);
Threat level 2

Callstack:

@FUNCTION::search_engine_content /search-engine/search-engine.php:1284 (show/hide source)
1264                  {
1265                      if(empty($result->description))
1266                          $result->description = $result->fulltxt;
1267  ?>
1268      <li>
1269          <h3 class="search_engine_Title"><a href="<?php echo $result->url; ?>"><?php echo $search->search_do_excerpt($result->title,68,false); ?></a></h3>
1270          <div class="search_engine_Description"><?php echo $search->search_do_excerpt($result->description); ?></div>
1271          <?php if ( 1 == $result_url ) { ?>
1272          <cite class="search_engine_URL"><a href="<?php echo $result->url; ?>"><?php echo $search->search_do_excerpt($result->url); ?></a></cite>
1273          <?php } ?>
1274      </li>
1275  <?php
1276              }
1277  ?>
1278  </ul>
1279  <?php
1280              }
1281              else
1282              {
1283  ?>
1284 <p class="search_engine_normal">Your search - <strong><?php echo $query; ?></strong> - did not match any documents.</p>
1285 <p class="search_engine_normal">Suggestions:</p> 1286 <ul class="search_engine_real">