Themes Vulnerabilities

T1 theme <= 19.0 - Open Redirect

Description

The theme is vulnerable to an unauthenticated open redirect, which any attacker can use to redirect users to arbitrary websites.

Proof of Concept

https://www.example.com/wp-content/themes/t1/page-templates/apply_redirection.php?file=240317005410&url_now=http://google.com&url_js=https://www.evil.com?

Affects Themes

No known fix
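
With no fix listed, one defensive check is to search web-server access logs for requests to the script in the proof of concept whose `url_now` or `url_js` parameter points off-site. The following is an added example, not part of the original advisory or the theme's code; the access-log format, the sample log lines and the use of `www.example.com` as the site's own host are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Script path and parameter names come from the advisory's proof of concept.
VULN_SUFFIX = "/wp-content/themes/t1/page-templates/apply_redirection.php"
REDIRECT_PARAMS = ("url_now", "url_js")
# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def external_targets(request_uri, site_hosts):
    """Return (param, host) pairs whose redirect target leaves site_hosts."""
    parts = urlsplit(request_uri)
    if not parts.path.lower().endswith(VULN_SUFFIX):
        return []
    hits = []
    for name, values in parse_qs(parts.query).items():
        if name not in REDIRECT_PARAMS:
            continue
        for value in values:
            # Browsers read "\" as "/", and "//host" is scheme-relative,
            # so normalise before extracting the host.
            try:
                host = urlsplit(value.strip().replace("\\", "/")).hostname
            except ValueError:
                host = "<unparseable>"
            if host and host.lower() not in site_hosts:
                hits.append((name, host.lower()))
    return hits

def scan(log_lines, site_hosts):
    """Return (line_number, param, host) for each off-site redirect request."""
    allowed = {h.lower() for h in site_hosts}
    found = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            found += [(number, p, h) for p, h in external_targets(match.group(1), allowed)]
    return found

# Constructed sample log lines; www.example.com stands in for the site's own host.
_PRE, _POST = '203.0.113.7 - - [19/Jul/2023:10:00:00 +0000] "GET ', ' HTTP/1.1" 200 512'
SAMPLE_LOG = [
    _PRE + VULN_SUFFIX + "?file=240317005410&url_now=http://google.com"
    "&url_js=https://www.evil.com?" + _POST,
    _PRE + VULN_SUFFIX + "?url_now=https://www.example.com/thanks" + _POST,
    _PRE + "/index.php?url_now=http://google.com" + _POST,
    _PRE + VULN_SUFFIX + "?url_js=%2F%2Fredirect.invalid%2Fa" + _POST,
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, {"www.example.com"}):
        print("line %d: %s -> %s" % hit)
```

Same-site and relative targets are not reported, so the output is limited to requests that would send a visitor to another host.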

Classification

Type
REDIRECT
OWASP top 10
CWE

Miscellaneous

Original Researcher
Vishal Barot vFlexo
Submitter
Vishal Barot vFlexo
Verified
Yes

Timeline

Publicly Published
2023-07-19
Added
2023-07-19
Last Updated
2023-07-19