WordPress Plugin Vulnerabilities

Pie Register < 3.7.2.4 - Open Redirect

Description

The plugin passes unvalidated user input to the wp_redirect() function, without validating it, leading to an Open redirect issue

Proof of Concept

https://example.com/?piereg_logout_url=true&redirect_to=https://wpscan.com

Affects Plugins

Plugin icon
pie-register
Fixed in 3.7.2.4

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
f6efa32f-51df-44b4-bbba-e67ed5785dd4

Timeline

Publicly Published
2021-10-21 (about 2 years ago)
Added
2021-10-21 (about 2 years ago)
Last Updated
2021-10-21 (about 2 years ago)

Other

Published
Title
Published
2021-01-21
Title
Digital Climate Strike WP <= 1.0.0 - Redirect to Malicious Website due to Compromised JS Asset
Published
2024-03-25
Title
WP Customer Reviews < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection
Published
2014-08-01
Title
WPtouch 1.9.27 - 'wptouch_redirect' Parameter URI Redirection
Published
2023-09-01
Title
Login and Logout Redirect <= 2.0.2 - Open Redirect
Published
2015-01-29
Title
WPtouch < 3.7 - Unvalidated Open Redirect