Description
A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
Remediation
References
Related Vulnerabilities
WordPress Plugin Catch Import Export Security Bypass (1.8)
WordPress Plugin Popup box SQL Injection (2.3.3)
Oracle HTTP Server Other Vulnerability (CVE-2006-5348)
WordPress Plugin Caldera Forms-More Than Contact Forms Cross-Site Scripting (1.4.1)
WordPress Plugin Front End Upload Arbitrary File Upload (0.5.4.4)