Description
WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions version 2.0.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.0.6 or latest
References
Related Vulnerabilities
WordPress Plugin College publisher Import Arbitrary File Upload (0.1)
WordPress Plugin Product Input Fields for WooCommerce Arbitrary File Download (1.2.6)
WordPress Plugin Category Grid View Gallery TimThumb Arbitrary File Upload (0.1.1)
WordPress Plugin Gallery-Flagallery Photo Portfolio Cross-Site Request Forgery (5.3.6)