WordPress Plugin Vulnerabilities

Travelpayouts <= 1.1.16 - Open Redirect

Description

The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Proof of Concept

https://example.com/?travelpayouts_redirect=https://kazet.cc

Affects Plugins

Plugin icon
travelpayouts
No known fix

References

CVE
CVE-2024-0337

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601

Miscellaneous

Original Researcher
Krzysztof Zając (CERT PL)
Submitter
Krzysztof Zając (CERT PL)
Submitter website
https://cert.pl
Submitter twitter
cert_polska_en
Verified
Yes
WPVDB ID
2f17a274-8676-4f4e-989f-436030527890

Timeline

Publicly Published
2024-02-28 (about 2 months ago)
Added
2024-02-28 (about 2 months ago)
Last Updated
2024-03-08 (about 1 months ago)

Other

Published
Title
Published
2021-01-21
Title
Digital Climate Strike WP <= 1.0.0 - Redirect to Malicious Website due to Compromised JS Asset
Published
2024-04-05
Title
App Builder < 3.8.8 - Open Redirection
Published
2024-04-12
Title
Freshdesk (official) <= 2.3.4 - Open Redirect
Published
2021-12-20
Title
AnyComment < 0.3.5 - Open Redirect
Published
2015-06-05
Title
Freshdesk Support < 1.8 - Open Redirect