WordPress WP-JS-External-Link-Info 2.2.0 Open Redirection

WordPress WP-JS-External-Link-Info plugin version 2.2.0 suffers from an open redirection vulnerability.


MD5 | 7b8928a35239713b63887fba1e32b196

####################################################################

# Exploit Title : WordPress WP-JS-External-Link-Info Plugin 2.2.0 Open Redirection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 14/02/2019
# Vendor Homepage : finewebdev.com
# Software Download Link : downloads.wordpress.org/plugin/wp-external-links.1.81.zip
#                          downloads.wordpress.org/plugin/wp-external-links.2.2.0.zip
# Software Information Link : wordpress.org/plugins/wp-external-links/
# Software Version : 1.21 - 1.81 - 2.2.0 and all previous versions.
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/wp-js-external-link-info''
# Vulnerability Type : CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

####################################################################

# Description about Software :
***************************
WP External Links (nofollow new tab seo) is open source software.

Manage external and internal links on your site.

####################################################################

# Impact :
***********
The WordPress plugin WP Js External Link Info is prone to an open redirect vulnerability
because the application fails to properly verify user-supplied input.

Exploiting this issue may allow attackers to redirect users to arbitrary web sites
and conduct phishing attacks; other attacks are also possible.

WordPress plugin WP Js External Link Info versions 1.21 - 1.81 and 2.2.0 are
vulnerable; prior versions may also be affected.

####################################################################

# Open Redirection Exploit :
*************************

/wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://{OPEN-REDIRECTION}.gov
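
One way to look for abuse of this endpoint in web server access logs, as an added example that is not part of the original advisory: it flags requests to the redirect.php path above whose url parameter points off the site. The allowed host blog.example.org, the sample log lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Path and parameter name come from the advisory; everything else is illustrative.
REDIRECT_PATH = "/wp-content/plugins/wp-js-external-link-info/redirect.php"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def is_offsite(target, allowed_hosts):
    """Return True when a redirect target would leave the allowed hosts."""
    # Browsers treat backslashes as slashes and ignore surrounding whitespace.
    cleaned = target.strip().replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return True  # unparsable targets are treated as off-site
    if not parts.scheme and not parts.netloc:
        return False  # plain relative path, stays on the site
    if parts.scheme not in ("", "http", "https"):
        return True  # any other scheme is not a legitimate redirect target
    # Compare the parsed host exactly; substring checks miss user@host forms.
    return host not in allowed_hosts

def find_offsite_redirects(log_lines, allowed_hosts):
    """Return (line_number, target) for each redirect.php request leaving the site."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        request = urlsplit(match.group(1))
        if request.path.lower() != REDIRECT_PATH:
            continue
        for target in parse_qs(request.query).get("url", []):  # percent-decoded
            if is_offsite(target, allowed_hosts):
                hits.append((number, target))
    return hits

# Constructed access-log lines (combined log format); all hosts are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Feb/2019:10:00:00 +0000] "GET /wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://blog.example.org/about HTTP/1.1" 302 0',
    '203.0.113.6 - - [14/Feb/2019:10:00:05 +0000] "GET /wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://phish.example.net/login HTTP/1.1" 302 0',
    '203.0.113.7 - - [14/Feb/2019:10:00:09 +0000] "GET /wp-content/plugins/wp-js-external-link-info/redirect.php?url=%2F%2Fphish.example.net%2Flogin HTTP/1.1" 302 0',
    '203.0.113.8 - - [14/Feb/2019:10:00:12 +0000] "GET /wp-content/plugins/wp-js-external-link-info/redirect.php?url=https://blog.example.org@phish.example.net/ HTTP/1.1" 302 0',
    '203.0.113.9 - - [14/Feb/2019:10:00:15 +0000] "GET /index.php?url=https://other.example.com/ HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, target in find_offsite_redirects(SAMPLE_LOG, {"blog.example.org"}):
        print(f"line {number}: off-site redirect target {target}")
```

The same is_offsite check can serve as the allowlist test a redirect handler applies before issuing a Location header.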

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################
