Description
WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction version 3.8.2.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.8.2.3 or latest
References
https://wpscan.com/vulnerability/832c6155-a413-4641-849c-b98ba55e8551
https://plugins.svn.wordpress.org/pie-register/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin PowerPress Podcasting by Blubrry Multiple Vulnerabilities (8.4.4)
Drupal Core 5.x SQL Injection (5.0 - 5.3)
WordPress Plugin 10Web Map Builder for Google Maps Security Bypass (1.0.63)
WordPress Plugin GD bbPress Attachments Cross-Site Scripting (2.5)
WordPress Plugin Team Members Unspecified Vulnerability (2.1.2)