The wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
http://mysite.com/wp-admin/admin-ajax.php?client_id=1&redirect=https://google.com&action=nf_oauth_connect
Chloe Chamberland
Chloe Chamberland
Yes
2021-02-16 (about 2 years ago)
2021-02-17 (about 2 years ago)
2021-02-19 (about 2 years ago)