Description
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin All-In-One Security (AIOS)-Security and Firewall version 4.4.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.4.2 or latest
References
Related Vulnerabilities
WordPress Plugin Wordable Security Bypass (3.1.1)
WordPress Plugin Auto Group Join Cross-Site Scripting (1.0)
WordPress Plugin Slider Revolution Responsive Local File Inclusion (4.1.4)
WordPress Plugin FunCaptcha-Anti-Spam CAPTCHA Cross-Site Request Forgery (0.3.2)
Atlassian Jira CVE-2019-20402 Vulnerability (CVE-2019-20402)