The plugin does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability.
Log In:
1. Visit /login?redirect_to=//example.com
2. Log in as a user with lower privileges than Administrator.
3. See that the browser is redirected to example.com

Log Out:
1. When logged in to the site, visit /wp-admin?piereg_logout_url=true&redirect_to=//example.com
2. See that the browser is redirected to example.com
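
One way to validate a `redirect_to` value on the server so that the `//example.com` target from the steps above is refused. This is an added example, not the plugin's code; `safe_redirect_target`, the host `site.test` and the sample values are hypothetical.

```php
<?php
// Added example: hypothetical helper, not the plugin's code.
// Returns $requested only when it stays on $siteHost, otherwise $fallback.
function safe_redirect_target(string $requested, string $siteHost, string $fallback): string
{
    $url = trim($requested);

    // Browsers treat "\" like "/" and skip control characters, so
    // "/\example.com" can behave like "//example.com". Reject both.
    if ($url === '' || preg_match('/[\\\\\x00-\x1f\x7f]/', $url)) {
        return $fallback;
    }

    $parts = parse_url($url);
    if ($parts === false) {
        return $fallback;
    }

    // No scheme and no host: accept only a rooted path such as "/account".
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        $rooted = $url[0] === '/' && ($url[1] ?? '') !== '/';
        return $rooted ? $url : $fallback;
    }

    // "//example.com" has no scheme but does carry a host, so it lands here.
    $scheme = strtolower($parts['scheme'] ?? 'https');
    $schemeOk = in_array($scheme, ['http', 'https'], true);
    $hostOk = isset($parts['host']) && strcasecmp($parts['host'], $siteHost) === 0;

    return ($schemeOk && $hostOk) ? $url : $fallback;
}

// Constructed sample values; "site.test" stands in for the WordPress site's host.
$samples = [
    '/wp-admin/profile.php',          // kept: same-site path
    'https://site.test/my-account/',  // kept: absolute URL on the site's host
    '//example.com',                  // rejected: protocol-relative, other host
    '/\\example.com',                 // rejected: backslash variant
    'https://site.test@example.com/', // rejected: real host is example.com
    'javascript:alert(1)',            // rejected: not http(s)
];
foreach ($samples as $s) {
    printf("%-32s => %s\n", $s, safe_redirect_target($s, 'site.test', '/'));
}
```

Inside WordPress, core already provides this check: pass the value through `wp_validate_redirect()` or send it with `wp_safe_redirect()` rather than `wp_redirect()`.
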
CPE

Name | Operator | Version |
---|---|---|
pie-register | lt | 3.8.2.3 |