Project: Wordpress Plugin YITH WooCommerce Questions and Answers 1.1.1

Vulnerability: #8830768 (2018-07-12 10:23:12)

Warning

Many of these findings are false positives or unexploitable. Build a working proof-of-concept ("PoC") before reporting anything to the vendor.

Details:

Sink PHP::echo
Risk _GET
/yith-woocommerce-questions-and-answers/plugin-fw/lib/yit-plugin-panel.php:502
482  
483  
484          /**
485           * Get current tab
486           *
487           * get the id of tab showed, return general is the current tab is not defined
488           *
489           * @return string
490           * @since  1.0
491           * @author Emanuela Castorina <emanuela.castorina@yithemes.it>
492           */
493          function get_current_tab() {
494              $admin_tabs = array_keys( $this->settings[ 'admin-tabs' ] );
495  
496              if ( !isset( $_GET[ 'page' ] ) || $_GET[ 'page' ] != $this->settings[ 'page' ] ) {
497                  return false;
498              }
499              if ( isset( $_REQUEST[ 'yit_tab_options' ] ) ) {
500                  return $_REQUEST[ 'yit_tab_options' ];
501              } elseif ( isset( $_GET[ 'tab' ] ) && isset( $this->_tabs_path_files[ $_GET[ 'tab' ] ] ) ) {
502 return $_GET[ 'tab' ];
503 } elseif ( isset( $admin_tabs[ 0 ] ) ) { 504 return $admin_tabs[ 0 ];
Threat level 2. Note that in the quoted callstack the sink at yit-plugin-subpanel.php:154 passes $current_tab through esc_attr() before echoing it, and the branch at yit-plugin-panel.php:502 only returns $_GET['tab'] when that key exists in $this->_tabs_path_files; only the $_REQUEST['yit_tab_options'] branch at line 500 returns the raw request value. How $current_tab is derived in yit_panel is not shown in the excerpt, so verify that path before treating this finding as exploitable.

Callstack:

YIT_Plugin_SubPanel::yit_panel /yith-woocommerce-questions-and-answers/plugin-fw/lib/yit-plugin-subpanel.php:154
134              <?php
135              $custom_tab_action = $this->is_custom_tab( $yit_options, $current_tab );
136              if ( $custom_tab_action ) {
137                  $this->print_custom_tab( $custom_tab_action );
138  
139                  return;
140              }
141              ?>
142              <?php
143              $panel_content_class = apply_filters( 'yit_admin_panel_content_class', 'yit-admin-panel-content-wrap' );
144              ?>
145              <div id="wrap" class="yith-plugin-fw plugin-option yit-admin-panel-container">
146                  <?php $this->message(); ?>
147                  <div class="<?php echo $panel_content_class; ?>">
148                      <h2><?php echo $this->get_tab_title() ?></h2>
149                      <?php if ( $this->is_show_form() ) : ?>
150                          <form id="yith-plugin-fw-panel" method="post" action="options.php">
151                              <?php do_settings_sections( 'yit' ); ?>
152                              <p>&nbsp;</p>
153                              <?php settings_fields( 'yit_' . $this->settings[ 'parent' ] . '_options' ); ?>
154 <input type="hidden" name="<?php echo $this->get_name_field( 'current_tab' ) ?>" value="<?php echo esc_attr( $current_tab ) ?>"/>
155 <input type="submit" class="button-primary" value="<?php _e( 'Save Changes', 'yith-plugin-fw' ) ?>" style="float:left;margin-right:10px;"/> 156 </form>