Project: Wordpress Plugin Organize Series 2.5.10

Vulnerability: #7989864 (2018-04-16 16:49:14)

Warning

There are many false positives or unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink Standard::extract
Risk _POST
/organize-series/orgSeries-taxonomy.php:674
654  	wp_reset_series_order_meta_cache('',$series_ID,TRUE);
655  }
656  
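/**
 * Creation hook for a series term: records the icon named in the request.
 *
 * Reads `series_icon_loc` from $_POST. The value is expected to be a URL
 * under the series-icons directory (seriesicons_url()); that prefix is
 * stripped so only the relative name reaches seriesicons_write().
 *
 * @param int|string $series_id   Term id of the series being created.
 * @param int|string $taxonomy_id Term-taxonomy id; not used here, kept for the hook signature.
 * @return void
 */
function wp_insert_series($series_id, $taxonomy_id) {
	// No `global $_POST` (it is a superglobal) and no extract($_POST, ...):
	// importing request keys as local variables lets a client define
	// arbitrary locals, and nothing in this function relied on it.
	$series_icon = isset($_POST['series_icon_loc']) ? $_POST['series_icon_loc'] : null;

	// The original guard was `isset($x) || $x != ''`; `&&` is the intended test
	// and yields the same result for the null / '' / non-empty-string cases.
	if ( $series_icon !== null && $series_icon !== '' ) {
		// Reduce the absolute icon URL to a path relative to the icons directory.
		$build_path = seriesicons_url();
		$series_icon = str_replace($build_path, '', $series_icon);
	}

	// NOTE(review): $series_icon is still request-controlled at this point;
	// this relies on seriesicons_write() validating the name before any
	// filesystem use — confirm in that helper (not in view here).
	seriesicons_write($series_id, $series_icon);
}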
671  
672  function wp_update_series($series_id, $taxonomy_id) {
673  	global $_POST;
674 extract($_POST, EXTR_SKIP);
675 if ( empty($series_icon_loc) ) $series_icon_loc = ''; 676 if ( empty($delete_image) ) $delete_image = false;
Threat level 2

Callstack:

@FUNCTION::wp_update_series /organize-series/orgSeries-taxonomy.php:674
654  	wp_reset_series_order_meta_cache('',$series_ID,TRUE);
655  }
656  
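/**
 * Creation hook for a series term: records the icon named in the request.
 *
 * Reads `series_icon_loc` from $_POST. The value is expected to be a URL
 * under the series-icons directory (seriesicons_url()); that prefix is
 * stripped so only the relative name reaches seriesicons_write().
 *
 * @param int|string $series_id   Term id of the series being created.
 * @param int|string $taxonomy_id Term-taxonomy id; not used here, kept for the hook signature.
 * @return void
 */
function wp_insert_series($series_id, $taxonomy_id) {
	// No `global $_POST` (it is a superglobal) and no extract($_POST, ...):
	// importing request keys as local variables lets a client define
	// arbitrary locals, and nothing in this function relied on it.
	$series_icon = isset($_POST['series_icon_loc']) ? $_POST['series_icon_loc'] : null;

	// The original guard was `isset($x) || $x != ''`; `&&` is the intended test
	// and yields the same result for the null / '' / non-empty-string cases.
	if ( $series_icon !== null && $series_icon !== '' ) {
		// Reduce the absolute icon URL to a path relative to the icons directory.
		$build_path = seriesicons_url();
		$series_icon = str_replace($build_path, '', $series_icon);
	}

	// NOTE(review): $series_icon is still request-controlled at this point;
	// this relies on seriesicons_write() validating the name before any
	// filesystem use — confirm in that helper (not in view here).
	seriesicons_write($series_id, $series_icon);
}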
671  
672  function wp_update_series($series_id, $taxonomy_id) {
673  	global $_POST;
674 extract($_POST, EXTR_SKIP);
675 if ( empty($series_icon_loc) ) $series_icon_loc = ''; 676 if ( empty($delete_image) ) $delete_image = false;