Project: Wordpress Plugin WooCurrency 1.0.2

Vulnerability: #8830752 (2018-07-12 09:50:17)

Warning

Many of these findings are false positives or unexploitable. Build a working proof-of-concept (PoC) before reporting anything to the vendor.

Details:

Sink: PHP `echo`
Risk (taint source): `_REQUEST` — in the excerpt below the request-derived limit values reach the sink through `readLimit()` and the `navDiv()` snippet helpers; whether `readLimit()` validates them as integers is not visible here.
/woocurrency/assets/lws-adminpanel/editlist/class-pager.php:67
47  		//error_log(print_r($this,true));
48  	}
49  
50  	/** @return a string with html for page navigation snippet */
51  	public function navDiv($rcount, $currentLimit = null)
52  	{
53  		if( is_null($currentLimit) )
54  			$currentLimit = $this->readLimit();
55  		$last = false;
56  		if( $rcount >= 0 )
57  			$last = $this->page(max(0,$rcount-1), $currentLimit->count);
58  		$index = $this->page($currentLimit->offset, $currentLimit->count);
59  
60  		$str = "<div class='lws-tablenav'>";
61  		$str .= "<div class='lws-tablenav-ipp'>";
62  		$str .= $this->snippetPerPage($currentLimit->count);
63  		$str .= "</div>";
64  		$str .= "<div class='lws-tablenav-pages'>";
65  
66  		if( $last !== false ) // total
67 $str .= $this->snippetTotal($rcount);
68 69 $str .= "<span class='lws-pagination-links'>";
Threat level 2

Callstack:

LWS\Adminpanel\EditList::filters /woocurrency/assets/lws-adminpanel/editlist.php:163
143  	protected function filters(&$rcount, &$limit, $above=true)
144  	{
145  		$class = $above ? " lws-editlist-above" : " lws-editlist-below";
146  		if( !is_null($this->m_PageDisplay) )
147  		{
148  			echo "<div class='lws-editlist-filters$class {$this->m_Id}-filters'>";
149  			echo "<div class='lws-editlist-filters-first-line'>";
150  			foreach( \apply_filters('lws_adminpanel_editlist_filters_'.$this->slug, $this->m_Filters) as $filter )
151  			{
152  				$c = $filter->cssClass();
153  				echo "<div class='$c'>";
154  				echo $filter->input();
155  				echo "</div>";
156  			}
157  			if( is_null($limit) )
158  			{
159  				$rcount = \apply_filters('lws_adminpanel_editlist_total_'.$this->slug, $this->m_Source->total());
160  				$limit = $this->m_PageDisplay->readLimit($rcount);
161  			}
162  			echo "</div>";
163 echo $this->m_PageDisplay->navDiv($rcount, $limit);
164 echo "</div>"; 165 }