WordPress Plugin Vulnerabilities

Event Tickets < 5.2.2 - Open Redirect

Description

The plugin does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue

Proof of Concept

https://exampel.com/wp-admin/admin.php?page=wp_ajax_rsvp-form&tribe_tickets_redirect_to=https://wpscan.com

Affects Plugins

Plugin icon
event-tickets
Fixed in 5.2.2

References

CVE
CVE-2021-25028

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
80b0682e-2c3b-441b-9628-6462368e5fc7

Timeline

Publicly Published
2021-12-22 (about 2 years ago)
Added
2021-12-22 (about 2 years ago)
Last Updated
2022-04-13 (about 2 years ago)

Other

Published
Title
Published
2023-02-27
Title
WP Meta SEO < 4.5.3 - Subscriber+ Improper Authorization causing Arbitrary Redirect
Published
2020-03-31
Title
WordPress SEO Plugin - Rank Math < 1.0.41 - Redirect Creation via Unprotected REST API Endpoint
Published
2020-08-12
Title
Ultimate Member < 2.1.7 - Unauthenticated Open Redirect
Published
2024-05-13
Title
WP Compress – Image Optimizer [All-In-One] < 6.20.02 - Open Redirect via css
Published
2022-02-16
Title
Page Builder KingComposer <= 2.9.6 - Open Redirect