Newsletter 3.7.0 - Open Redirect



Description
The Newsletter plugin is susceptible to an Open Redirect vulnerability. This issue is due to the fact user input it taken, and trusted, without validation.

This user input is used when tracking link clicks, via the ‘newsletter/statistics/link.php’ script. User input is Base64 encoded, and split on the ‘;’ character, the third column of which can be manipulated in order to control where the user is redirected to.

Affects Plugin

fixed in version 3.8.3

References

URL https://research.g0blin.co.uk/g0blin-00039/
URL https://plugins.trac.wordpress.org/changeset/1190491/newsletter

Classification

Type REDIRECT
CWE CWE-601

Miscellaneous

Submitter James Hooker
Submitter Website https://research.g0blin.co.uk
Submitter Twitter g0blinResearch
Views 5124
Verified No
WPVDB ID 7868

Timeline

Publicly Published 2015-03-30 (over 4 years ago)
Added 2015-03-30 (over 4 years ago)
Last Updated 2015-07-12 (over 4 years ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin