Description

WordPress Plugin Qode Twitter Feed (embeded in Bridge-Creative Multi-Purpose WordPress Theme) is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin Qode Twitter Feed (embeded in Bridge-Creative Multi-Purpose WordPress Theme) version 2.0.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.2 (theme version 18.2.1) or latest, or delete the redirect script

References

https://www.wordfence.com/blog/2019/10/open-redirect-vulnerability-patched-in-bridge-theme/

Related Vulnerabilities

WordPress Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2019-17675)

WordPress Plugin Music Store Open Redirect (1.0.14)

Jetty Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-8184)

WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional Cross-Site Scripting (1.3.7.4)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-2983)

Severity

High

Classification

CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Url Redirection