## Homepage: ##
https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/

## Description: ##
Type of user access: any user.
$_POST['cat_id'] is not escaped. The file is accessible to any user.

## File / Code: ##
Path: /wp-content/wp-support-plus-responsive-ticket-system/includes/admin/wpsp_getCatName.php
Line: 4

<?php
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
global $wpdb;
$category = $wpdb->get_row( "SELECT * FROM {$wpdb->prefix}wpsp_catagories where id=".$_POST['cat_id'] ); // unescaped POST value concatenated into the query
echo stripcslashes($category->name);
?>

## Proof of Concept: ##
1 – Using an HTML form:

2 – Using Postman (a Chrome plugin for sending requests)
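A hardened variant of the file shown under File / Code, given here as an added example and not as the plugin's own fix. It uses only WordPress core functions; the login requirement and the error responses are assumptions about the intended policy, not something the page states.

```php
<?php
// Added example: hardened variant of wpsp_getCatName.php (not the plugin's own code).
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly

global $wpdb;

// Assumption: only logged-in users should be able to resolve category names.
if ( ! is_user_logged_in() ) {
    wp_die( 'Forbidden', '', array( 'response' => 403 ) );
}

// Reject anything that is not a plain run of digits before it gets near SQL.
$raw_id = isset( $_POST['cat_id'] ) ? wp_unslash( $_POST['cat_id'] ) : '';
if ( ! is_string( $raw_id ) || ! ctype_digit( $raw_id ) ) {
    wp_die( 'Invalid category id', '', array( 'response' => 400 ) );
}
$cat_id = absint( $raw_id );

// Parameterised query: %d makes $wpdb->prepare() insert the value as an integer,
// and only the column that is actually echoed is selected.
$category = $wpdb->get_row(
    $wpdb->prepare(
        "SELECT name FROM {$wpdb->prefix}wpsp_catagories WHERE id = %d",
        $cat_id
    )
);

// Handle a missing row instead of dereferencing null, then escape for HTML output.
if ( null === $category ) {
    wp_die( 'Category not found', '', array( 'response' => 404 ) );
}
echo esc_html( stripcslashes( $category->name ) );
```

The digit check and the `%d` placeholder each close the injection on their own; `esc_html()` additionally keeps a stored category name from being echoed as markup.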