Description
WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction version 3.8.2.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.8.2.3 or latest
References
https://wpscan.com/vulnerability/832c6155-a413-4641-849c-b98ba55e8551
https://plugins.svn.wordpress.org/pie-register/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Custom Field Suite Cross-Site Scripting (2.5.14)
MediaWiki Improper Authentication Vulnerability (CVE-2021-30158)
WordPress Plugin Qwizcards-online quizzes and flashcards Cross-Site Scripting (3.36)
MySQL Other Vulnerability (CVE-2002-0969)
PHP Use of Externally-Controlled Format String Vulnerability (CVE-2009-3294)