Noptin < 1.6.5 - Open Redirect

2022-01-1700:00:00

Channchan

noptin plugin

open redirect

security exploit

EPSS

0.001

Percentile

43.5%

The plugin does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue

https://example.com/?noptin_ns=email_click&to=https://wpscan.com

References

plugins.trac.wordpress.org/changeset/2639592

EPSS

0.001

Percentile

43.5%

Related for WPEX-ID:C2D2384C-41B9-4AAF-B918-C1CFDA58AF5C