Description
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin All-In-One Security (AIOS)-Security and Firewall version 4.4.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.4.2 or latest
References
Related Vulnerabilities
Atlassian Jira CVE-2020-29451 Vulnerability (CVE-2020-29451)
Oracle Database Server CVE-2011-0876 Vulnerability (CVE-2011-0876)
Jenkins Improper Input Validation Vulnerability (CVE-2016-0792)
ownCloud Improper Input Validation Vulnerability (CVE-2012-2270)
SharePoint Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-1103)