Description
WordPress Plugin Qode Instagram Widget (embeded in Bridge-Creative Multi-Purpose WordPress Theme) is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin Qode Instagram Widget (embeded in Bridge-Creative Multi-Purpose WordPress Theme) version 2.0.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.0.2 (theme version 18.2.1) or latest, or delete the redirect script
References
Related Vulnerabilities
WordPress Plugin Ad Manager by WD-Advanced Ad Manager Multiple Vulnerabilities (1.0.11)
WordPress Plugin WP DSGVO Tools (GDPR) Cross-Site Request Forgery (2.2.18)
ZenCart Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-11675)
WordPress Plugin Titan Framework Cross-Site Scripting (1.7.5)