Event Tickets < 5.2.2 - Open Redirect

2021-12-2200:00:00

Krzysztof Zając

wpscan.com

event tickets

open redirect

arbitrary redirect

vulnerability

security issue

EPSS

0.001

Percentile

45.1%

JSON

The plugin does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue

PoC

https://exampel.com/wp-admin/admin.php?page=wp_ajax_rsvp-form&tribe;_tickets_redirect_to=https://wpscan.com

EPSS

0.001

Percentile

45.1%

JSON

Related for WPVDB-ID:80B0682E-2C3B-441B-9628-6462368E5FC7