wporg-code-analysis
POP chain not flagging
Does this scanner pick up on vulnerable code that can be abused for a POP chain?
i.e.

```php
// Check if "cache" cookie is set
if(isset($_COOKIE['mgpf_geo_coockie'])) {
    $mdata = unserialize(stripslashes(base64_decode($_COOKIE['mgpf_geo_coockie'])));
    if($mdata->ipAddress == $ip && $mdata->service == $mgpf_geo_data['service'])
        return $mdata;
}
```
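The pattern quoted above calls `unserialize()` on bytes taken straight from a cookie, so PHP instantiates whatever object graph the cookie encodes (and runs any `__wakeup()`/`__destruct()` on those classes) before the `ipAddress`/`service` comparison ever executes. The following is an added example, not code from the plugin or from wporg-code-analysis, showing that pattern beside a hardened replacement: the cached data is stored as JSON, signed with an HMAC, decoded to a plain array, and compared strictly. `MGPF_COOKIE_SECRET` and the cookie contents are constructed placeholders; a real plugin would derive the key from `wp_salt()` or a per-site option rather than a constant.

```php
<?php
// Added example (not code from the plugin or from wporg-code-analysis):
// the cookie-cache pattern from the report, alongside a hardened version.

// --- Pattern from the report: any object graph in the cookie is instantiated ---
function mgpf_geo_from_cookie_unsafe(string $ip, array $mgpf_geo_data) {
    if (isset($_COOKIE['mgpf_geo_coockie'])) {
        // unserialize() on request-controlled bytes: classes with
        // __wakeup()/__destruct() are constructed before any check runs.
        $mdata = unserialize(stripslashes(base64_decode($_COOKIE['mgpf_geo_coockie'])));
        if ($mdata->ipAddress == $ip && $mdata->service == $mgpf_geo_data['service']) {
            return $mdata;
        }
    }
    return null;
}

// --- Hardened: JSON payload, HMAC-signed, strictly validated ---
// Constructed placeholder key; derive from wp_salt() or a stored option in a plugin.
const MGPF_COOKIE_SECRET = 'example-only-replace-with-wp_salt()';

function mgpf_geo_cookie_encode(array $data, string $secret): string {
    $payload = base64_encode(json_encode($data));
    $mac     = hash_hmac('sha256', $payload, $secret);
    return $payload . '.' . $mac;
}

function mgpf_geo_cookie_decode(string $cookie, string $secret): ?array {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Constant-time comparison; anything we did not sign is rejected here,
    // before a single byte of the payload is decoded.
    if (!hash_equals(hash_hmac('sha256', $payload, $secret), $mac)) {
        return null;
    }
    $raw = base64_decode($payload, true);
    if ($raw === false) {
        return null;
    }
    // json_decode(..., true) yields arrays only: no objects, no magic methods.
    $data = json_decode($raw, true);
    if (!is_array($data) || !isset($data['ipAddress'], $data['service'])) {
        return null;
    }
    return $data;
}

function mgpf_geo_from_cookie_safe(string $ip, array $mgpf_geo_data, string $secret): ?array {
    if (!isset($_COOKIE['mgpf_geo_coockie'])) {
        return null;
    }
    $mdata = mgpf_geo_cookie_decode((string) $_COOKIE['mgpf_geo_coockie'], $secret);
    if ($mdata === null) {
        return null;
    }
    // Strict comparison on the validated scalar fields.
    if ($mdata['ipAddress'] === $ip && $mdata['service'] === $mgpf_geo_data['service']) {
        return $mdata;
    }
    return null;
}

// Demo with a constructed cookie value standing in for a real request.
$geo = ['ipAddress' => '203.0.113.7', 'service' => 'freegeoip'];
$_COOKIE['mgpf_geo_coockie'] = mgpf_geo_cookie_encode($geo, MGPF_COOKIE_SECRET);
var_dump(mgpf_geo_from_cookie_safe('203.0.113.7', ['service' => 'freegeoip'], MGPF_COOKIE_SECRET));

// Tampered cookie: the signature check fails and nothing is decoded.
$_COOKIE['mgpf_geo_coockie'] .= 'x';
var_dump(mgpf_geo_from_cookie_safe('203.0.113.7', ['service' => 'freegeoip'], MGPF_COOKIE_SECRET));
```

Where a plugin cannot change its cookie format, the smallest mitigation is to pass `['allowed_classes' => false]` as the second argument to `unserialize()` (PHP 7.0 and later), which turns any embedded object into `__PHP_Incomplete_Class` instead of instantiating it; the HMAC still matters, because without it the cached `ipAddress`/`service` values themselves remain attacker-chosen. From a scanner's point of view the thing to flag is the data flow itself: a value reaching `unserialize()` from `$_COOKIE`, `$_GET`, `$_POST` or `$_REQUEST` without an `allowed_classes` option, regardless of how many `base64_decode()`/`stripslashes()` calls sit in between.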
I made a docker container to do this and grab the latest repo here.
```
docker run --rm wp-analysis --slug=my-geo-posts-free --report=full --tag=1.2
Running: php bin/check-plugin-by-slug.php --slug=my-geo-posts-free --report=full --tag=1.2
================================================================================
Checking my-geo-posts-free in /tmp/plugin-my-geo-posts-free88cWfI...
================================================================================

FILE: inc/signup.php
--------------------------------------------------------------------------------
FOUND 0 ERRORS AND 4 WARNINGS AFFECTING 3 LINES
--------------------------------------------------------------------------------
 28 | WARNING | Unescaped parameter $error_message used in echo
    |         | $error_message assigned unsafely at line 27:
    |         |   $error_message = $response->get_error_message()
    |         | $response assigned unsafely at line 7:
    |         |   $response = wp_remote_post( $url, array(
    |         |     'method' => 'POST',
    |         |     'timeout' => 45,
    |         |     'redirection' => 5,
    |         |     'httpversion' => '1.0',
    |         |     'blocking' => true,
    |         |     'headers' => array(),
    |         |     'body' => array(
    |         |       'action'=>'plugin_signup_form',
    |         |       'plugin_name'=>$sunrise->name,
    |         |       'name' => $_POST['name'],
    |         |       'email' => $_POST['email'],
    |         |       'admin_email'=>get_bloginfo('admin_email'),
    |         |       'blog'=>get_bloginfo('url')
    |         |     ),
    |         |     'cookies' => array()
    |         |   )
    |         | )
    |         | $_POST['name'] used without escaping.
    |         | $_POST['email'] used without escaping.
    |         | (WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter)
 28 | WARNING | All output should be run through an escaping function (see the
    |         | Security sections in the WordPress Developer Handbooks), found
    |         | '"Something went wrong: $error_message"'.
    |         | (WordPress.Security.EscapeOutput.OutputNotEscaped)
 74 | WARNING | Unescaped parameter plugins_url('/images/newsletter.png',
    |         | __FILE__) used in echo
    |         | (WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter)
 82 | WARNING | Unescaped parameter plugins_url('/images/new_sub_button.png',
    |         | __FILE__) used in echo
    |         | (WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter)
--------------------------------------------------------------------------------

FILE: my-geo-posts-free.php
--------------------------------------------------------------------------------
FOUND 0 ERRORS AND 3 WARNINGS AFFECTING 2 LINES
--------------------------------------------------------------------------------
 58 | WARNING | Unescaped parameter plugins_url('/inc/images/geo_large.png',
    |         | __FILE__) used in echo
    |         | (WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter)
 79 | WARNING | Unescaped parameter $mgpf_geo_data['api'] used in echo
    |         | (WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter)
 79 | WARNING | All output should be run through an escaping function (see the
    |         | Security sections in the WordPress Developer Handbooks), found
    |         | '$mgpf_geo_data['api']'.
    |         | (WordPress.Security.EscapeOutput.OutputNotEscaped)
--------------------------------------------------------------------------------
```