Automattic: Open Redirect in WordPress Feed Statistics {Affected All Versions}

ID H1:22142
Type hackerone
Reporter mtk
Modified 2014-08-07T03:08:40


Hi, the Feed Statistics plugin is vulnerable to Open Redirect and is affecting a large number of websites, which is the reason it should be patched swiftly. A detailed description is given below:

Tested on: WordPress 3.9.1

Vulnerable Plugin: Feed Statistics

Plugin Link:

Tested on: Firefox 31.0 / Debian, Linux

P.O.C: Like this:

Result Redirect to:

P.O.C P.O.C:

Developer site :)

Feel free to contact me anytime if there is more info required.