nuclei-templates/vulnerabilities/wordpress/ultimatemember-open-redirec...

22 lines
744 B
YAML
Raw Normal View History

id: ultimatemember-open-redirect
info:
name: Ultimate Member < 2.1.7 - Unauthenticated Open Redirect
author: 0x_Akoko
severity: medium
2021-10-21 11:25:28 +00:00
description: The Ultimate Member WordPress plugin was vulnerable to an Unauthenticated Open Redirect vulnerability, affecting the registration and login pages where the "redirect_to" GET parameter was used.
reference:
- https://wpscan.com/vulnerability/97823f41-7614-420e-81b8-9e735e4c203f
tags: wp-plugin,redirect,wordpress
requests:
- method: GET
path:
- "{{BaseURL}}/register/?redirect_to=https://example.com/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
part: header