Create eventticket-open-redirect.yaml

vulnerabilities/wordpress/eventticket-open-redirect.yaml

@@ -0,0 +1,20 @@
+id: eventticket-open-redirect
+
+info:
+  name: Event Tickets < 5.2.2 - Open Redirect
+  author: dhiyaneshDk
+  severity: low
+  description: The plugin does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue
+  reference: https://wpscan.com/vulnerability/80b0682e-2c3b-441b-9628-6462368e5fc7
+  tags: wordpress,redirect,wp-plugin,eventticket
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-admin/admin.php?page=wp_ajax_rsvp-form&tribe_tickets_redirect_to=https://example.com"
+
+    matchers:
+      - type: regex
+        regex:
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
+        part: header