WordPress Plugin Vulnerabilities
The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
Description
The plugin did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.
Proof of Concept
The vulnerable code leading to the open redirect is in the function "redirect_to_tp_custom_password_reset" in "theplus_elementor_addon/includes/plus_addon.php" The url : https://example.com/wp-login.php?action=theplusrp&key=&redirecturl=http://attacker.com&forgoturl=http://attacker.com&login=john with John as a registered user on the WordPress blog, will redirect the user to http://attacker.com
Affects Plugins
References
Classification
Type
REDIRECT
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Nicolas Vidal from TEHTRIS
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-05-31 (about 2 years ago)
Added
2021-05-31 (about 2 years ago)
Last Updated
2021-05-31 (about 2 years ago)