cjc.im / advisories / 0001
PieRegister Wordpress plugin - Open Redirect
This vulnerability has been discovered and reported by Carl Clegg (carl(at)cjc(dot)im)
- 2016-11-06 Vendor Notified
- 2016-11-07 Vendor Response
- 2016-11-21 Advisory Published
PieRegister is a Wordpress plugin that creates registration pages and forms for Wordpress sites.
PieRegister <= 2.0.21
Risk / Severity Rating
CVSS v2: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Description and Impact
An Open Redirect has been found in Pie Register that would allow for the redirection from a site to a potentially malicious page under the control of a third party.
Proof of Concept
By altering the redirect_to parameter the redirect occurs
Disable the plugin until an upgrade is available
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.