Themes Vulnerabilities

T1 theme <= 19.0 - Open Redirect

Description

The theme is vulnerable to unauthenticated open redirect with which any attacker and redirect users to arbitrary websites.

Proof of Concept

https://www.example.com/wp-content/themes/t1/page-templates/apply_redirection.php?file=240317005410&url_now=http://google.com&url_js=https://www.evil.com?

Affects Themes

t1
No known fix

References

CVE
CVE-2023-3771

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
Vishal Barot vFlexo
Submitter
Vishal Barot vFlexo
Verified
Yes
WPVDB ID
7c6fc499-de09-4874-ab96-bdc24d550cfb

Timeline

Publicly Published
2023-07-19 (about 9 months ago)
Added
2023-07-19 (about 9 months ago)
Last Updated
2023-07-19 (about 9 months ago)

Other

Published
Title
Published
2024-04-12
Title
Freshdesk (official) < 2.4.0 - Open Redirect
Published
2023-11-23
Title
Landing Page Builder < 1.5.1.6 - Open Redirect
Published
2024-04-05
Title
App Builder < 3.8.8 - Open Redirection
Published
2022-02-16
Title
Page Builder KingComposer <= 2.9.6 - Open Redirect
Published
2021-12-22
Title
Event Tickets < 5.2.2 - Open Redirect