PieRegister Wordpress plugin - Open Redirect

Credit

This vulnerability has been discovered and reported by Carl Clegg (carl(at)cjc(dot)im)

Timeline

• 2016-11-06 Vendor Notified
• 2016-11-07 Vendor Response
• 2016-11-21 Advisory Published

Product

PieRegister is a Wordpress plugin that creates registration pages and forms for Wordpress sites.

Versions Affected

PieRegister <= 2.0.21

Risk / Severity Rating

CVSS v2: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Description and Impact

An Open Redirect has been found in Pie Register that would allow for the redirection from a site to a potentially malicious page under the control of a third party.

Proof of Concept

By altering the redirect_to parameter the redirect occurs

http://wordpresshost/?piereg_logout_url=true&redirect_to=https://example.com

Solution

Disable the plugin until an upgrade is available

References

• Plugin (No longer available it seems)
• Open Redirects

Legal

The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.

home