The plugin did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.
The vulnerable code leading to the open redirect is in the function “redirect_to_tp_custom_password_reset” in “theplus_elementor_addon/includes/plus_addon.php” The url : https://example.com/wp-login.php?action=theplusrp&key;=&redirecturl;=http://attacker.com&forgoturl;=http://attacker.com&login;=john with John as a registered user on the WordPress blog, will redirect the user to http://attacker.com
CPE | Name | Operator | Version |
---|---|---|---|
theplus_elementor_addon | lt | 4.1.10 |