The plugin does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue
https://example.com/?noptin_ns=email_click&to;=https://wpscan.com
CPE | Name | Operator | Version |
---|---|---|---|
newsletter-optin-box | lt | 1.6.5 |