WordPress Plugin Vulnerabilities

Landing Page Builder < 1.5.1.6 - Open Redirect

Description

The Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.5.1.5. This is due to insufficient validation on the redirect url supplied via user input or request parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Affects Plugins

Plugin icon
page-builder-add
Fixed in 1.5.1.6

References

CVE
CVE-2023-48325
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/c1a4d8a3-5553-4b1c-b0f8-d6a372de3692

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
minhtuanact
Verified
No
WPVDB ID
4bc3bc3c-38be-4ac2-b471-6d98b9f32822

Timeline

Publicly Published
2023-11-23 (about 2 years ago)
Added
2023-11-29 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2025-12-25
Title
Accept Donations with PayPal < 1.5.3 - Unauthenticated Open Redirect
Published
2025-05-07
Title
Integrations of Zoho CRM with Elementor form <= 1.0.8 - Open Redirect
Published
2022-01-17
Title
Noptin < 1.6.5 - Open Redirect
Published
2025-04-01
Title
Integration of Zoho CRM and Contact Form 7 <= 1.0.7 - Open Redirect
Published
2022-04-29
Title
Ultimate Member < 2.3.2 - Open Redirect