WordPress StageShow 5.0.8 Open Redirect

`# Title: Open redirect vulnerability in StageShow Wordpress plugin v5.0.8  
# Submitter: Nitin Venkatesh  
# Product: StageShow Wordpress Plugin  
# Product URL: https://wordpress.org/plugins/stageshow  
# Vulnerability Type: URL Redirection to Untrusted Site ('Open Redirect')  
[CWE-601]  
# Affected Versions: v5.0.8 and possibly below  
# Tested Version: v5.0.8  
# Fixed Version: v5.0.9  
# Link to source code diff:  
https://plugins.trac.wordpress.org/changeset/1165310  
# Link to changelog: https://wordpress.org/plugins/stageshow/changelog/  
# CVE Status: None/Unassigned/Fresh  
  
## Product Information  
  
StageShow adds the facility for an online Box-Office for Small  
Theatres/Drama Groups, records sales, validates tickets and provides sales  
downloads.  
  
## Vulnerability Description  
  
Open redirect vulnerability in stageshow_redirect.php file using url  
parameter  
  
## Vulnerable Source Code  
  
31 $url = urldecode($_GET['url']);  
..  
34 Redirect($url, true);  
35  
36 function Redirect($url, $permanent = false)  
37 {  
38 header('Location: ' . $url, true, $permanent ? 301 : 302);  
39 die;  
40 }  
  
## Proof of Concept  
  
Sample exploit GET request:  
  
GET  
/wp-content/plugins/stageshow/stageshow_redirect.php?url=http%3A%2F%2F2buntu.com  
  
## Solution:  
  
Upgrade to v5.0.9  
  
## Disclosure Timeline:  
  
2015-05-19 - Discovered. Contacted developer on forums  
2015-05-20 - Report mailed to developer  
2015-05-21 - Update v5.0.9 released  
2015-07-05 - Publishing disclosure to FD mailing list  
  
## Disclaimer:  
  
This disclosure is purely meant for educational purposes. I will in no way  
be responsible as to how the information in this disclosure is used.  
  
  
`