Project: WordPress Plugin WordPress Gift Voucher 1.0.2

Vulnerability: #8147162 (2018-05-16 19:16:31)

Warning

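These results contain many false positives and unexploitable findings. Please create a working "PoC" exploit before reporting anything to the vendor! For this finding, the flagged echo at pdf.php:212 prints the payment URL returned by the SOFORT request object without escaping, so first confirm whether that value can carry attacker-influenced data at all.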

Details:

Sink PHP::echo
Risk _ENV
/home/redeemer/phpsourcerer/src/PhpSourcerer/Simulator/Stubs/Standard.php:110
Threat level 0

Callstack:

@FUNCTION::wpgv__doajax_pdf_save_func /gift-voucher/include/pdf.php:212
192  	} else if($paymentmethod == 'Sofortuberweisung') {
193  
194  		$Sofortueberweisung = new Sofortueberweisung($setting_options->sofort_configure_key);
195  
196  		$Sofortueberweisung->setAmount($value);
197  		$Sofortueberweisung->setCurrencyCode($setting_options->currency_code);
198  
199  		$Sofortueberweisung->setReason($setting_options->reason_for_payment, $lastid);
200  		$Sofortueberweisung->setSuccessUrl($return_url, true);
201  		$Sofortueberweisung->setAbortUrl($cancel_url);
202  		$Sofortueberweisung->setNotificationUrl($notify_url);
203  
204  		$Sofortueberweisung->sendRequest();
205  
206  		if($Sofortueberweisung->isError()) {
207  			//SOFORT-API didn't accept the data
208  			echo $Sofortueberweisung->getError();
209  		} else {
210  			//buyer must be redirected to $paymentUrl else payment cannot be successfully completed!
211  			$paymentUrl = $Sofortueberweisung->getPaymentUrl();
212 echo $paymentUrl;
213 } 214 }