Description

WordPress Plugin Qode Instagram Widget (embeded in Bridge-Creative Multi-Purpose WordPress Theme) is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin Qode Instagram Widget (embeded in Bridge-Creative Multi-Purpose WordPress Theme) version 2.0.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.2 (theme version 18.2.1) or latest, or delete the redirect script

References

https://www.wordfence.com/blog/2019/10/open-redirect-vulnerability-patched-in-bridge-theme/

Related Vulnerabilities

WordPress Plugin Feedweb Cross-Site Scripting (2.4)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (2.8.6)

WordPress Plugin MSMC-Redirect After Comment Multiple Vulnerabilities (2.1.2)

WordPress Plugin BuddyPress Extended Friendship Request Cross-Site Scripting (1.0.1)

WordPress Plugin Thumbnail carousel slider Arbitrary File Upload (1.0)

Severity

High

Classification

CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Tags

Missing Update Url Redirection