Project: WordPress Plugin Organize Series 2.5.10

Vulnerability: #7989865 (2018-04-16 16:49:16)

Warning

There are many false positives and unexploitable findings. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink: Standard::extract
Risk: _POST
/organize-series/orgSeries-taxonomy.php:661
641  
642  function wp_create_single_series($series_name) {
643  	if ($id = series_exists($series_name) )
644  		return $id;
645  
646  	return wp_insert_term( $series_name, 'series' );
647  }
648  
649  
650  // note following function WILL NOT delete the actual image file from the server.  I don't think it's needed at this point.
651  function wp_delete_series($series_ID, $taxonomy_id) {
652  	global $wpdb;
653  	seriesicons_delete($series_ID);
654  	wp_reset_series_order_meta_cache('',$series_ID,TRUE);
655  }
656  
657  function wp_insert_series($series_id, $taxonomy_id) {
658  	global $_POST;
659  	$series_icon_loc = '';
660  
661  	extract($_POST, EXTR_SKIP);
662  	$series_icon = isset($_POST['series_icon_loc']) ? $_POST['series_icon_loc'] : null;
Threat level 2

Callstack:

@FUNCTION::wp_insert_series /organize-series/orgSeries-taxonomy.php:661