CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
What the vulnerability does
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requested_page' POST parameter in the verify_username_password function. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action such as clicking on a link.
Explanation of Vulnerability in Simple Terms
The Frontend Post Submission Manager Lite plugin for WordPress contains an open redirect vulnerability. An attacker can craft a malicious link that redirects users to an external website after they interact with the plugin. This can be used to phish credentials or distribute malware. The vulnerability affects versions 1.0.0 through 1.2.7.
What an attacker can do
Redirect site visitors to a malicious external website via a crafted link.
Potential impact on your site
Users may be phished or exposed to malware if tricked into following attacker-controlled links.
Conditions required to exploit
Victim must click a malicious link or visit a page containing the redirect.
Key dates
External resources
Related vulnerabilities
