Password Protected

Name: Password Protected
Type: Redirect not checked
Exploit version: 1.4
Release Date: 22-02-2013
Status: A new version of Password Protected has been released  •

Description:
Input passed via the "redirect_to" parameter when logging in is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

Plugin Information

  1. Downloaded: 201549 Times
  2. Current Version: 1.8
  3. Author: Profile
  4. Tested up to: 4.0
  5. Download Plugin

Security Information

  1. Secunia ID: 52335
  2. Credit: Chris Campbell
  • Plugin statistics provided by WordPress.org. Updated within the last day or so.
  • ¹ Status info requires plugin author's to fill in versioning info on the wordpress.org repository