WordPress Plugin Vulnerabilities

Event Tickets < 5.2.2 - Open Redirect

Description

The plugin does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue

Proof of Concept

https://exampel.com/wp-admin/admin.php?page=wp_ajax_rsvp-form&tribe_tickets_redirect_to=https://wpscan.com

Affects Plugins

event-tickets

Fixed in version 5.3.0.1

References

CVE

CVE-2021-25028

Classification

Type

REDIRECT

OWASP top 10

A1: Injection

CWE

CWE-601

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

80b0682e-2c3b-441b-9628-6462368e5fc7

Timeline

Publicly Published

2021-12-22 (about 9 months ago)

Added

2021-12-22 (about 9 months ago)

Last Updated

2022-04-13 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin