Description
WordPress Plugin Qode Instagram Widget (embeded in Bridge-Creative Multi-Purpose WordPress Theme) is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin Qode Instagram Widget (embeded in Bridge-Creative Multi-Purpose WordPress Theme) version 2.0.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.0.2 (theme version 18.2.1) or latest, or delete the redirect script
References
Related Vulnerabilities
Oracle Application Server Other Vulnerability (CVE-2005-1383)
Oracle Database Server CVE-2014-4299 Vulnerability (CVE-2014-4299)
WordPress Plugin WP Add Mime Types Cross-Site Request Forgery (2.2.1)
WordPress Plugin Simple Matted Thumbnails Cross-Site Scripting (1.01)
WordPress Plugin GEO Redirector Cross-Site Scripting (1.0.1)