Title: Code Execution Vulnerability
Last modified: August 30, 2016

---

# Code Execution Vulnerability

 *  Resolved [aloushi](https://wordpress.org/support/users/aloushi/)
 * (@aloushi)
 * [10 years, 10 months ago](https://wordpress.org/support/topic/code-execution-vulnerability/)
 * Hello, working on your plugins I found this plugin to be vulnerable to Code Execution:
   (User input is used as a dynamic function name. Arbitrary functions may be called.)
 * An attacker might execute arbitrary PHP code with this vulnerability. User-tainted
   data is embedded into a function that compiles PHP code on the run and executes
   it, thus allowing an attacker to inject their own PHP code that will be executed. This
   vulnerability can lead to full server compromise.
 * Code:
 * > `$page = str_replace(SB_WE_PLUGIN_DIRNAME, '', trim($_REQUEST['page']));`
   >
   > `echo $sb_we_admin_start; echo $page();`
 * [OWASP](https://www.owasp.org/index.php/Code_Injection)
    Best Regards [https://wordpress.org/plugins/welcome-email-editor/](https://wordpress.org/plugins/welcome-email-editor/)
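
The reported snippet turns a request parameter into the callable itself, so every function name reachable from `$_REQUEST['page']` becomes a dispatch target. The usual fix is to never call the input and instead look it up in a fixed map of allowed page keys to known handlers. The block below is an added example, not the plugin's own code: it assumes the WordPress runtime (`current_user_can`, `wp_die`, `sanitize_key`), hypothetical renderer functions `sb_we_render_settings` and `sb_we_render_templates`, and an assumed placeholder value for `SB_WE_PLUGIN_DIRNAME`; only the constant name, `$_REQUEST['page']` and the `str_replace`/`trim` call come from the report.

```php
<?php
// Added example (not the plugin's own code). Assumes the WordPress runtime
// (current_user_can, wp_die, sanitize_key) and hypothetical renderer functions.
// The constant value is an assumed placeholder; the real plugin defines its own.
defined('SB_WE_PLUGIN_DIRNAME') || define('SB_WE_PLUGIN_DIRNAME', 'welcome-email-editor');

// Vulnerable pattern from the report, for comparison:
//   $page = str_replace(SB_WE_PLUGIN_DIRNAME, '', trim($_REQUEST['page']));
//   echo $page();   // the request value itself becomes the callable

// Hardened pattern: a fixed allow-list mapping page keys to known callables.
// Hypothetical handler names; the input is only ever used as a lookup key.
const SB_WE_PAGES = [
    'settings'  => 'sb_we_render_settings',
    'templates' => 'sb_we_render_templates',
];

function sb_we_render_settings(): string  { return '<h1>Settings</h1>'; }
function sb_we_render_templates(): string { return '<h1>Templates</h1>'; }

function sb_we_dispatch(string $requested): string {
    // Capability gate kept explicit on the handler itself rather than relying
    // only on the admin-menu registration that makes the page manage_options only.
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions');
    }

    // Strip the plugin prefix as the original did, then normalise to a plain
    // key (lowercase, [a-z0-9_-]) and drop any separator left at the front.
    $key = ltrim(sanitize_key(str_replace(SB_WE_PLUGIN_DIRNAME, '', trim($requested))), '-_');

    // Unknown names never reach call_user_func; only allow-listed keys dispatch.
    if (!isset(SB_WE_PAGES[$key])) {
        return '<p>Unknown page.</p>';
    }
    return call_user_func(SB_WE_PAGES[$key]);
}

echo sb_we_dispatch($_REQUEST['page'] ?? '');
```

The design point is that the request value is consulted, not executed: even an administrator-only page should dispatch through an allow-list, because a capability check limits who can reach the page but does not make a dynamic call on untrusted input safe (for example, against a logged-in admin driven through a crafted link).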

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [Sean Barton](https://wordpress.org/support/users/seanbarton/)
 * (@seanbarton)
 * [10 years, 10 months ago](https://wordpress.org/support/topic/code-execution-vulnerability/#post-6378464)
 * Yup I see.. thanks for this. I’ll get it looked at today and push a new version.
 * cheers
    S
 *  [Sean Barton](https://wordpress.org/support/users/seanbarton/)
 * (@seanbarton)
 * [10 years, 10 months ago](https://wordpress.org/support/topic/code-execution-vulnerability/#post-6378465)
 * Just had a look into this. You are correct in that it would cause an issue if
   it were accessible. However, because that page is strictly admin only (manage_options
   capability) then actually the only person that could use that URL parameter would
   be an administrator anyway. I’ve removed the code but it wasn’t a gaping security
   hole luckily 🙂
 * ta
    S
 *  Thread Starter [aloushi](https://wordpress.org/support/users/aloushi/)
 * (@aloushi)
 * [10 years, 10 months ago](https://wordpress.org/support/topic/code-execution-vulnerability/#post-6378502)
 * Yes, but still I thought it needed to be reported 🙂
 *  [Sean Barton](https://wordpress.org/support/users/seanbarton/)
 * (@seanbarton)
 * [10 years, 10 months ago](https://wordpress.org/support/topic/code-execution-vulnerability/#post-6378513)
 * Yes.. thanks 🙂


The topic ‘Code Execution Vulnerability’ is closed to new replies.

 * 4 replies
 * 2 participants
 * Last reply from: [Sean Barton](https://wordpress.org/support/users/seanbarton/)
 * Last activity: [10 years, 10 months ago](https://wordpress.org/support/topic/code-execution-vulnerability/#post-6378513)
 * Status: resolved