WordPress Plugin Vulnerabilities
Frontend Post WordPress Plugin <= 2.8.4 - Contributor+ Arbitrary Redirect
Description
The plugin does not validate an attribute of one of its shortcodes, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post that redirects users to an arbitrary domain.
Proof of Concept
[ap-form-message redirect="https://wpscan.com"]
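A site owner can audit existing content for this shortcode with a redirect target that leaves the site. The following is an added example, not code from the plugin or from WPScan; the function names, the `(post_id, author, content)` row layout and the host `blog.example.org` are assumptions, and the sample rows are constructed.

```python
import re
from urllib.parse import urlsplit

# Shortcode tag and attribute name are taken from the advisory's proof of concept.
SHORTCODE_RE = re.compile(r"\[ap-form-message\b([^\]]*)\]")
# WordPress accepts double-quoted, single-quoted and unquoted attribute values.
REDIRECT_RE = re.compile(r"""\bredirect\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""", re.I)


def classify_redirect(url, site_hosts):
    """Return None if the target stays on site, else a short reason string."""
    # Browsers read backslashes in http(s) URLs as slashes, so normalise first.
    parts = urlsplit(url.strip().replace("\\", "/"))
    if not parts.scheme and not parts.netloc:
        return None  # relative path such as /thank-you/
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return "non-http scheme"
    host = (parts.hostname or "").lower()
    if host not in site_hosts:
        return "off-site host " + (host or "(empty)")
    return None


def audit_posts(posts, site_hosts):
    """posts: iterable of (post_id, author, content). Returns a list of findings."""
    hosts = {h.lower() for h in site_hosts}
    findings = []
    for post_id, author, content in posts:
        for sc in SHORTCODE_RE.finditer(content):
            for m in REDIRECT_RE.finditer(sc.group(1)):
                target = next(g for g in m.groups() if g is not None)
                reason = classify_redirect(target, hosts)
                if reason:
                    findings.append((post_id, author, target, reason))
    return findings


# Constructed sample rows standing in for wp_posts (ID, author login, post_content).
SAMPLE_POSTS = [
    (101, "editor1", 'Thanks! [ap-form-message redirect="/thank-you/"]'),
    (102, "contrib7", '[ap-form-message redirect="https://wpscan.com"]'),
    (103, "contrib7", "[ap-form-message redirect='//cdn.example.net/x']"),
    (104, "editor1", '[ap-form-message redirect="https://blog.example.org/done"]'),
    (105, "contrib9", "[ap-form-message]"),
]

if __name__ == "__main__":
    for finding in audit_posts(SAMPLE_POSTS, {"blog.example.org"}):
        print(finding)
```

Posts 102 and 103 are reported; the relative path, the same-host URL and the shortcode without a redirect attribute are not.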
Affects Plugins
References
CVE
Classification
Type
REDIRECT
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
WPScan
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-05-11
Added
2023-05-11
Last Updated
2023-05-11