Project: Wordpress Plugin My Chatbot 0.6

Vulnerability: #7989863 (2018-04-16 16:15:09)

Warning

Many findings are false positives or are not exploitable in practice. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

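Sink PHP::echo
Risk _GET
/my-chatbot/includes/admin/settings/display-settings.php:29

Note: line 29 is where `$_GET['tab']` is read into `$current_tab`; the echo sink is line 44, where that value is printed into the form's `name` attribute without escaping (see the Callstack section). If the finding is confirmed, it is a reflected XSS candidate on the plugin's settings page. The fix is to escape at output with `esc_attr()` and to accept only tab keys that exist in `$tabs`, falling back to `myc_general_settings` otherwise.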
9   * @since       1.0
10   */
11  
12  // Exit if accessed directly
13  if ( ! defined( 'ABSPATH' ) ) exit;
14  
15  /**
16   * Options Page
17   *
18   * Renders the options page contents.
19   *
20   * @since 1.0
21   * @return void
22   */
23  function myc_options_page() {
24  	?>
25  	<div class="wrap">
26  		<h1><?php _e( 'My Chatbot Settings', 'my-chatbot' ); ?></h1>
27  		<h2 class="nav-tab-wrapper">
28  			<?php
29 $current_tab = isset( $_GET['tab'] ) ? $_GET['tab'] : 'myc_general_settings';
30 $tabs = array ( 31 'myc_general_settings' => __( 'General', 'my-chatbot' ),
Threat level 2

Callstack:

@FUNCTION::myc_options_page /my-chatbot/includes/admin/settings/display-settings.php:44
24  	?>
25  	<div class="wrap">
26  		<h1><?php _e( 'My Chatbot Settings', 'my-chatbot' ); ?></h1>
27  		<h2 class="nav-tab-wrapper">
28  			<?php
29  			$current_tab = isset( $_GET['tab'] ) ? $_GET['tab'] : 'myc_general_settings';
30  			$tabs = array (
31  					'myc_general_settings'				=> __( 'General', 'my-chatbot' ),
32  					'myc_overlay_settings'		=> __( 'Overlay', 'my-chatbot' )
33  			);
34  
35  			$tabs = apply_filters( 'myc_settings_tabs', $tabs );
36  
37  			foreach ( $tabs as $tab_key => $tab_caption ) {
38  				$active = $current_tab == $tab_key ? 'nav-tab-active' : '';
39  				echo '<a class="nav-tab ' . $active . '" href="options-general.php?page=my-chatbot&tab=' . $tab_key . '">' . $tab_caption . '</a>';
40  			}
41  			?>
42  		</h2>
43  
44 <form method="post" name="<?php echo $current_tab; ?>" action="options.php">
45 <?php 46 wp_nonce_field( 'update-options' );