Description

The plugin has an open redirect that lets an attacker use a misleading URL on the affected site to redirect the visitor to a URL of the attacker's choosing.

1. Add a form to a footer widget area
2. Disable JavaScript
3. Access the URL: https://example.com/%0a/google.com
4. Fill out the form and submit
5. The browser will be redirected to google.com

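
Why a path such as `/%0a/google.com` can leave the site, and a same-origin check that refuses it, as an added example that is not the plugin's code: the WHATWG URL parser used by browsers drops newlines, so a decoded `/\n/google.com` is read as `//google.com`. It assumes the redirect target is built from the decoded request path (the page does not say how the plugin builds it); `SITE_ORIGIN`, `resolveRedirect` and `safeRedirectTarget` are hypothetical names.

```javascript
// Added example: hypothetical redirect-target check, not the plugin's code.
const SITE_ORIGIN = "https://example.com"; // assumption: the site's own origin

// Resolve a redirect target the way a browser will and report where it lands.
function resolveRedirect(target, siteOrigin = SITE_ORIGIN) {
  // The WHATWG URL parser removes ASCII tab, CR and LF before parsing, so
  // "/\n/google.com" is parsed as "//google.com" (a scheme-relative URL).
  return new URL(target, siteOrigin);
}

// Return a same-origin path to redirect to, or the fallback when the
// requested target is malformed or would leave the site.
function safeRedirectTarget(rawTarget, fallback = "/", siteOrigin = SITE_ORIGIN) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawTarget); // decode once, as the server would
  } catch {
    return fallback; // malformed percent-encoding
  }
  // Control characters and backslashes have no place in a redirect path and
  // are exactly what turns "/x" into "//host" once a browser normalises it.
  if (/[\u0000-\u001f\u007f\\]/.test(decoded)) return fallback;

  let url;
  try {
    url = new URL(decoded, siteOrigin);
  } catch {
    return fallback;
  }
  // Compare origins after parsing, not string prefixes before parsing.
  if (url.origin !== new URL(siteOrigin).origin) return fallback;
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs: the advisory's path, plus benign and hostile variants.
for (const t of ["/%0a/google.com", "//google.com", "/contact/?sent=1#form"]) {
  console.log(JSON.stringify(t), "->", safeRedirectTarget(t));
}
console.log(resolveRedirect("/\n/google.com").href); // where the unchecked value lands
```
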
| CPE | Name | Operator | Version |
|---|---|---|---|
| | | eq | 5.9.5 |