WordPress Plugin Vulnerabilities

The Events Calendar <= 4.1.1 - Open Redirect

Description

The problem is located in the "tribe-bar-view" parameter that can be used to
redirect a user to an arbitrary website.

Timeline
* 2016-04-04 : Initial contact with Modern Tribe
* 2016-04-05 : Modern Tribe confirms the report
* 2016-04-07 : Modern Tribe publishes a new version (4.1.1.1) that resolves the issue

Proof of Concept

1. Navigate to a website using the Events Calendar.

2. Send the following POST request to the URL:
tribe-bar-view=http://www.evil.com&submit-bar=Find+Events

3. The web browser will be redirected to www.evil.com.

Affects Plugins

Plugin icon
the-events-calendar
Fixed in 4.1.1.1

References

URL
https://github.com/moderntribe/the-events-calendar/commit/9b945d4c4df8c4f3fa35726aa64bbf6c08b9e3a9#diff-eb6b6c90251ab33cee784713c451e6d8R314

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601

Miscellaneous

Submitter
Paul Mynarsky
Submitter website
https://www.outpost24.com/
Submitter twitter
https://twitter.com/outpost24
Verified
No
WPVDB ID
59acb0f7-9150-44bd-ba1f-cd944b56ff41

Timeline

Publicly Published
2016-04-25 (about 8 years ago)
Added
2016-04-26 (about 8 years ago)
Last Updated
2019-10-31 (about 4 years ago)

Other

Published
Title
Published
2019-10-08
Title
All In One WP Security & Firewall <= 4.4.1 - Open Redirect & Hidden Login Page Exposure
Published
2014-08-07
Title
Feed Statistics < 4.0 - Open Redirect
Published
2016-02-02
Title
WordPress 3.7-4.4.1 - Open Redirect
Published
2023-02-06
Title
Pie Register < 3.8.2.3 - Open Redirect
Published
2024-04-29
Title
Share This Image <= 1.98 - Open Redirect