WordPress Plugin Vulnerabilities

WP Customer Reviews < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection

Description

The plugin does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL

Proof of Concept

1) Create a new post
2) In the "Bussness Name" field enter the payload: `0;http://smth.me/" HTTP-EQUIV="refresh" a="a)`
3) Save the post and view it. You will see that you are redirected.

Affects Plugins

Plugin icon
wp-customer-reviews
Fixed in 3.7.1

References

CVE
CVE-2024-1849

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601

Miscellaneous

Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
https://research.cleantalk.org
Verified
Yes
WPVDB ID
e6d9fe28-def6-4f25-9967-a77f91899bfe

Timeline

Publicly Published
2024-03-25 (about 1 months ago)
Added
2024-03-25 (about 1 months ago)
Last Updated
2024-03-25 (about 1 months ago)

Other

Published
Title
Published
2021-10-21
Title
Pie Register < 3.7.2.4 - Open Redirect
Published
2020-08-12
Title
Ultimate Member < 2.1.7 - Unauthenticated Open Redirect
Published
2022-03-29
Title
English WordPress Admin < 1.5.2 - Unauthenticated Open Redirect
Published
2016-06-21
Title
WordPress 4.5.2 - Redirect Bypass
Published
2016-04-25
Title
The Events Calendar <= 4.1.1 - Open Redirect