WPScan

WordPress Plugin Vulnerabilities

All In One WP Security & Firewall <= 4.4.1 - Open Redirect & Hidden Login Page Exposure

Description

The All In One WP Security & Firewall plugin suffers from an open redirect and from exposure of the actual URL configured by its "hidden login page" feature.

Edit (WPScanTeam)
October 3rd, 2019 - Email sent to dev via https://wpsolutions-hq.com/contact/
October 8th - Dev ACK & investigating it
October 8th - v4.4.2 released, fixing the issues (confirmed by researcher)

Proof of Concept

If a site has the plugin enabled, visiting https://site.com/?aiowpsec_do_log_out=1&after_logout=https://evilsite.com will redirect the user to evilsite.com. If the rename login page feature is enabled, then the URL https://site.com/?aiowpsec_do_log_out=1&al_additional_data=1 will redirect the user to the "hidden" login page.

A live proof of concept can be found on the site of one of the developers of the plugin: visiting http://wpsolutions-hq.com/?aiowpsec_do_log_out=1&after_logout=https://www.google.com redirects to www.google.com, and http://wpsolutions-hq.com/?aiowpsec_do_log_out=1&al_additional_data=1 redirects to the admin page.
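As an added example (not WPScan's or the plugin's code), the following Python shows the same-host check a logout handler needs before honouring `after_logout`, and runs it as a detection over constructed access-log lines carrying the two request patterns described above. The site host `site.com` and the log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "site.com"  # assumption: the protected WordPress site's own host

# Constructed combined-format access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [08/Oct/2019:10:01:02 +0000] "GET /?aiowpsec_do_log_out=1&after_logout=https://evilsite.com HTTP/1.1" 302 0
203.0.113.5 - - [08/Oct/2019:10:01:09 +0000] "GET /?aiowpsec_do_log_out=1&al_additional_data=1 HTTP/1.1" 302 0
198.51.100.7 - - [08/Oct/2019:10:02:00 +0000] "GET /?aiowpsec_do_log_out=1&after_logout=%2Fwp-admin%2F HTTP/1.1" 302 0
198.51.100.7 - - [08/Oct/2019:10:02:30 +0000] "GET /index.php?p=12 HTTP/1.1" 200 5120
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def is_external_redirect(target, site_host):
    """True if the (already URL-decoded) redirect target leaves site_host.
    This is the allow-list check a fixed handler applies before redirecting,
    in the spirit of WordPress's wp_safe_redirect()."""
    if "\\" in target:
        return True  # browsers treat backslashes as slashes; reject outright
    parts = urlsplit(target)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return True  # javascript:, data: and other non-HTTP schemes
    if parts.netloc:  # absolute or scheme-relative (//host) URL
        return parts.hostname != site_host
    return False  # plain relative path such as /wp-admin/


def classify_request(path):
    """Label one request path as a finding, or None if benign."""
    qs = parse_qs(urlsplit(path).query)
    if qs.get("aiowpsec_do_log_out", [""])[0] != "1":
        return None
    if "al_additional_data" in qs:
        return "hidden-login-page-disclosure"
    if any(is_external_redirect(t, SITE_HOST) for t in qs.get("after_logout", [])):
        return "open-redirect"
    return None


def scan_log(text):
    """Return (client_ip, label, request_path) for each suspicious line."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        label = classify_request(m.group(1)) if m else None
        if label:
            findings.append((line.split()[0], label, m.group(1)))
    return findings
```

Calling `scan_log(SAMPLE_LOG)` flags the first two lines only; the same-site `/wp-admin/` target on the third line is the legitimate case the fix should still allow.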

Affects Plugins

all-in-one-wp-security-and-firewall
Fixed in version 4.4.2

Classification

Type

REDIRECT

OWASP top 10

A1: Injection

CWE

CWE-601

Miscellaneous

Verified

No

WPVDB ID
467673ad-d0ad-46a3-80c7-8ebb3813a4b3

Timeline

Publicly Published

2019-10-08

Added

2019-10-08

Last Updated

2019-10-08
