Description
WordPress Plugin Qode Instagram Widget (embeded in Bridge-Creative Multi-Purpose WordPress Theme) is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin Qode Instagram Widget (embeded in Bridge-Creative Multi-Purpose WordPress Theme) version 2.0.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.0.2 (theme version 18.2.1) or latest, or delete the redirect script
References
Related Vulnerabilities
WordPress Plugin Block wp-login Cross-Site Request Forgery (1.3.0)
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8980)
WordPress 4.0.x Cross-Domain Flash Injection Vulnerability (4.0 - 4.0.21)
MongoDb Improper Handling of Exceptional Conditions Vulnerability (CVE-2020-7926)
Liferay Portal Missing Authorization Vulnerability (CVE-2022-39975)