Description

WordPress Plugin Daily Inspiration Generator is prone to an open redirect vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin Daily Inspiration Generator version 2.0 is vulnerable; prior versions may also be affected.

Remediation

Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available

References

https://codevigilant.com/disclosure/wp-plugin-daily-inspiration-generator-a10-unvalidated-redirects-and-forwards/

Related Vulnerabilities

Atlassian Confluence Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-29450)

WordPress Plugin WP Affiliate Platform Multiple Vulnerabilities (6.3.9)

WordPress Plugin Newsletter Subscription Form Possible Remote Code Execution (1.1.2)

WordPress Plugin WP Frontend Profile Security Bypass (1.2.1)

WordPress Plugin SocialFit 'msg' Parameter Cross-Site Scripting (1.2.2)

Severity

High

Classification

CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Url Redirection