WordPress Plugin Vulnerabilities

Ninja Popups <= 4.7.5 - Unauthenticated Open Redirect

Description

The plugin does not properly validate a redirect url, allowing unauthenticated attackers to redirect users to potentially malicious sites by clicking a link.

Affects Plugins

Plugin icon
arscode-ninja-popups
No known fix

References

CVE
CVE-2022-27861
URL
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/arscode-ninja-popups/ninja-popups-475-open-redirect

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
5f930b82-775d-4c25-9dfb-15ee81a1a601

Timeline

Publicly Published
2023-07-18 (about 10 months ago)
Added
2023-08-10 (about 9 months ago)
Last Updated
2023-08-10 (about 9 months ago)

Other

Published
Title
Published
2022-01-17
Title
Noptin < 1.6.5 - Open Redirect
Published
2014-08-07
Title
Feed Statistics < 4.0 - Open Redirect
Published
2019-09-05
Title
WordPress 5.2.2 - Potential Open Redirect
Published
2021-05-31
Title
The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
Published
2023-09-01
Title
Login and Logout Redirect <= 2.0.2 - Open Redirect