Project: Wordpress Plugin YITH WooCommerce Questions and Answers 1.1.1

Vulnerability: #8830771 (2018-07-12 10:23:12)

Warning

Many of the reported findings are false positives or unexploitable vulnerabilities. Please build a working proof-of-concept ("PoC") exploit before reporting anything to the vendor!

Details:

Sink Standard::extract
Risk _REQUEST
/yith-woocommerce-questions-and-answers/plugin-fw/lib/yit-plugin-panel-wc.php:207
187              }
188  
189              $screen_ids[] = $admin_page_hooks[ $this->settings[ 'parent_page' ] ] . '_page_' . $this->settings[ 'page' ];
190  
191              return $screen_ids;
192          }
193  
194          /**
195           * Returns current active tab slug
196           *
197           * @return string
198           * @since    2.0.0
199           * @author   Andrea Grillo      <andrea.grillo@yithemes.com>
200           * @author   Antonio La Rocca   <antonio.larocca@yithemes.com>
201           */
202          public function get_current_tab() {
203              global $pagenow;
204              $tabs = $this->get_available_tabs();
205  
206              if ( $pagenow == 'admin.php' && isset( $_REQUEST[ 'tab' ] ) && in_array( $_REQUEST[ 'tab' ], $tabs ) ) {
207 return $_REQUEST[ 'tab' ];
208 } else { 209 return $tabs[ 0 ];
Threat level 2

Callstack:

YIT_Plugin_Panel_WooCommerce::yit_panel /yith-woocommerce-questions-and-answers/plugin-fw/lib/yit-plugin-panel-wc.php:137
117           * Show a tabbed panel to setting page
118           *
119           * a callback function called by add_setting_page => add_submenu_page
120           *
121           * @return   void
122           * @since    1.0
123           * @author   Andrea Grillo      <andrea.grillo@yithemes.com>
124           * @author   Antonio La Rocca   <antonio.larocca@yithemes.com>
125           */
public function yit_panel() {
    // 'current_tab' is the only request-derived entry: get_current_tab() returns
    // $_REQUEST['tab'] only on admin.php and only when in_array() finds it in
    // get_available_tabs(); otherwise it returns the first available tab.
    // The remaining entries are read from $this->settings / get_available_tabs().
    $additional_info = array(
        'current_tab'    => $this->get_current_tab(),
        'available_tabs' => $this->settings[ 'admin-tabs' ],
        'default_tab'    => $this->get_available_tabs( true ), //get default tabs
        'page'           => $this->settings[ 'page' ]
    );

    // Callbacks hooked to 'yith_admin_tab_params' receive this array and their
    // return value replaces it, so keys may have been added, changed or removed
    // by the time it reaches extract() below.
    $additional_info                      = apply_filters( 'yith_admin_tab_params', $additional_info );
    // The whole filtered array is also exposed under its own key, presumably so
    // the included file can still read it as $additional_info after extract().
    $additional_info[ 'additional_info' ] = $additional_info;

    // NOTE(review): extract() (default EXTR_OVERWRITE) turns every key of the
    // filtered array into a local variable visible to the file required next.
    // This is the _REQUEST -> extract sink the scanner reports; on its own the
    // array carries only the whitelisted 'current_tab' value, so the taint is a
    // concern only if a filter callback injects keys or values it took from the
    // request. A key whitelist applied before extract() would close that path;
    // EXTR_SKIP alone would not, since the only pre-existing local here is
    // $additional_info itself - confirm what callbacks rely on before changing.
    extract( $additional_info );
    // require_once: a second yit_panel() call in the same request would not
    // include (render) the file again.
    require_once( YIT_CORE_PLUGIN_TEMPLATE_PATH . '/panel/woocommerce/woocommerce-panel.php' );
}