Project: Wordpress Plugin YITH WooCommerce Questions and Answers 1.1.1

Vulnerability: #8830772 (2018-07-12 10:23:13)

Warning

There are many false positives and unexploitable vulnerabilities in these results. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink PHP::echo
Risk _REQUEST
/yith-woocommerce-questions-and-answers/plugin-fw/lib/yit-plugin-panel.php:500
480              }
481          }
482  
483  
484          /**
485           * Get current tab
486           *
487           * get the id of tab showed, return general is the current tab is not defined
488           *
489           * @return string
490           * @since  1.0
491           * @author Emanuela Castorina <emanuela.castorina@yithemes.it>
492           */
493          function get_current_tab() {
494              $admin_tabs = array_keys( $this->settings[ 'admin-tabs' ] );
495  
496              if ( !isset( $_GET[ 'page' ] ) || $_GET[ 'page' ] != $this->settings[ 'page' ] ) {
497                  return false;
498              }
499              if ( isset( $_REQUEST[ 'yit_tab_options' ] ) ) {
500 return $_REQUEST[ 'yit_tab_options' ];
501 } elseif ( isset( $_GET[ 'tab' ] ) && isset( $this->_tabs_path_files[ $_GET[ 'tab' ] ] ) ) { 502 return $_GET[ 'tab' ];
Threat level 2. Note that the only echo visible in the call stack below (line 383) passes the value through esc_attr(), and the alternative $_GET['tab'] branch is checked against $this->_tabs_path_files while the $_REQUEST['yit_tab_options'] branch is returned without validation; exploitability of this path should be confirmed before reporting.

Callstack:

YIT_Plugin_Panel::yit_panel /yith-woocommerce-questions-and-answers/plugin-fw/lib/yit-plugin-panel.php:383
363              <?php
364              $custom_tab_action = $this->is_custom_tab( $yit_options, $current_tab );
365              if ( $custom_tab_action ) {
366                  $this->print_custom_tab( $custom_tab_action );
367  
368                  return;
369              }
370              ?>
371              <?php
372              $panel_content_class = apply_filters( 'yit_admin_panel_content_class', 'yit-admin-panel-content-wrap' );
373              ?>
374              <div id="wrap" class="yith-plugin-fw plugin-option yit-admin-panel-container">
375                  <?php $this->message(); ?>
376                  <div class="<?php echo $panel_content_class; ?>">
377                      <h2><?php echo $this->get_tab_title() ?></h2>
378                      <?php if ( $this->is_show_form() ) : ?>
379                          <form id="yith-plugin-fw-panel" method="post" action="options.php">
380                              <?php do_settings_sections( 'yit' ); ?>
381                              <p>&nbsp;</p>
382                              <?php settings_fields( 'yit_' . $this->settings[ 'parent' ] . '_options' ); ?>
383 <input type="hidden" name="<?php echo $this->get_name_field( 'current_tab' ) ?>" value="<?php echo esc_attr( $current_tab ) ?>"/>
384 <input type="submit" class="button-primary" value="<?php _e( 'Save Changes', 'yith-plugin-fw' ) ?>" style="float:left;margin-right:10px;"/> 385 </form>