Description

WordPress Plugin Qode Twitter Feed (embeded in Bridge-Creative Multi-Purpose WordPress Theme) is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin Qode Twitter Feed (embeded in Bridge-Creative Multi-Purpose WordPress Theme) version 2.0.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.2 (theme version 18.2.1) or latest, or delete the redirect script

References

https://www.wordfence.com/blog/2019/10/open-redirect-vulnerability-patched-in-bridge-theme/

Related Vulnerabilities

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9044)

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.6)

WordPress 4.5.x Denial of Service Vulnerability (4.5 - 4.5.13)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.6)

WordPress Plugin Salon Booking System Arbitrary File Upload (10.2)

Severity

High

Classification

CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Url Redirection