WordPress Plugin Vulnerabilities
English WordPress Admin < 1.5.2 - Unauthenticated Open Redirect
Description
The plugin does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue
Proof of Concept
https://example.com/wp-admin/admin-ajax.php?action=heartbeat&admin_custom_language_toggle=1&admin_custom_language_return_url=https://wpscan.com
Affects Plugins
Fixed in version 1.5.2 - plugin closed
References
Classification
Miscellaneous
Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
Verified
Yes
Timeline
Publicly Published
2022-03-29 (about 1 months ago)
Added
2022-03-29 (about 1 months ago)
Last Updated
2022-04-08 (about 1 months ago)