Description
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin All-In-One Security (AIOS)-Security and Firewall version 4.4.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.4.2 or latest
References
Related Vulnerabilities
WordPress Plugin PowerPress Podcasting by Blubrry Multiple Vulnerabilities (8.4.4)
Apache Tomcat version older than 6.0.18
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0346)
SharePoint Authentication Bypass by Spoofing Vulnerability (CVE-2021-42320)
WordPress Plugin WP Shieldon-WordPress Firewall Cross-Site Scripting (1.6.3)