The Events Calendar <= 4.1.1 – Open Redirect | Plugin Vulnerabilities

Description

The problem is located in the "tribe-bar-view" parameter that can be used to
redirect a user to an arbitrary website.

Timeline
* 2016-04-04 : Initial contact with Modern Tribe
* 2016-04-05 : Modern Tribe confirms the report
* 2016-04-07 : Modern Tribe publishes a new version (4.1.1.1) that resolves the issue

Proof of Concept

1. Navigate to a website using the Events Calendar.

2. Send the following POST request to the URL:
tribe-bar-view=http://www.evil.com&submit-bar=Find+Events

3. The web browser will be redirected to www.evil.com.

Affects Plugins

the-events-calendar

Fixed in 4.1.1.1

References

URL

https://github.com/moderntribe/the-events-calendar/commit/9b945d4c4df8c4f3fa35726aa64bbf6c08b9e3a9#diff-eb6b6c90251ab33cee784713c451e6d8R314

Classification

Type

REDIRECT

OWASP top 10

CWE

Miscellaneous

Submitter

Paul Mynarsky

Submitter website

https://www.outpost24.com/

Submitter twitter

https://twitter.com/outpost24

Verified

No

WPVDB ID

59acb0f7-9150-44bd-ba1f-cd944b56ff41

Timeline

Publicly Published

2016-04-25 (about 10 years ago)

Added

2016-04-26 (about 10 years ago)

Last Updated

2019-10-31 (about 6 years ago)

Other

Published

Title

Published

2022-02-16

Title

Page Builder KingComposer <= 2.9.6 - Open Redirect

Published

2016-06-21

Title

WordPress 4.5.2 - Redirect Bypass

Published

2025-04-16

Title

GoodBarber < 1.0.27 - Open Redirect

Published

2023-09-01

Title

Login and Logout Redirect <= 2.0.2 - Open Redirect

Published

2019-05-18

Title

Newsletter Manager < 1.5 - Unauthenticated Open Redirect