Name: Password Protected
Type: Redirect not checked
Status: A new version of Password Protected has been released •
Description:
Input passed via the "redirect_to" parameter when logging in is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
Type: Redirect not checked
Exploit version: 1.4
Release Date: 22-02-2013 Status: A new version of Password Protected has been released •
Description:
Input passed via the "redirect_to" parameter when logging in is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
Plugin Information
- Downloaded: 52744 Times
- Current Version: 1.5
- Author: Profile
- Tested up to: 3.5.1
- Download Plugin
Security Information
- Secunia ID: 52335
- Credit: Chris Campbell
- Plugin statistics provided by WordPress.org. Updated within the last day or so.
- ¹ Status info requires plugin author's to fill in versioning info on the wordpress.org repository
