WordPress Plugin Vulnerabilities
Pie Register < 3.8.2.3 - Open Redirect
Description
The plugin does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability
Proof of Concept
Log In: 1. Visit `/login?redirect_to=//example.com` 2. Log in as a user with lower privileges than Administrator. 3. See that the browser is redirected to `example.com` Log Out: 1. When logged in to the site, visit `/wp-admin?piereg_logout_url=true&redirect_to=//example.com` 2. See that the browser is redirected to `example.com`
Affects Plugins
References
CVE
Classification
Type
REDIRECT
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Omar Amin
Submitter
Omar Amin
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-02-06 (about 1 years ago)
Added
2023-02-06 (about 1 years ago)
Last Updated
2023-02-06 (about 1 years ago)