WordPress Age Gate <2.13.5 - Open Redirect

By kannthu

Medium
Vidoc Module
#agegate #unauth #wpscan #packetstorm #wp-plugin
Description

What is "WordPress Age Gate <2.13.5 - Open Redirect"?

The "WordPress Age Gate <2.13.5 - Open Redirect" module is designed to detect an open redirect vulnerability in the WordPress Age Gate plugin before version 2.13.5. This vulnerability allows an attacker to redirect users to malicious websites or phishing pages by manipulating the _wp_http_referer parameter after certain actions or when the parameter is invalid or missing. The severity of this vulnerability is classified as medium.

This module was authored by akincibor.

Impact

An open redirect vulnerability in the WordPress Age Gate plugin can have several negative impacts, including:

- Redirecting users to malicious websites or phishing pages
- Potential exposure of sensitive user information
- Compromising the integrity of the affected WordPress site

How does the module work?

The "WordPress Age Gate <2.13.5 - Open Redirect" module works by sending HTTP requests to the "/wp-admin/admin-post.php" path using the POST method. The module includes a matching condition that checks the response header for a specific regex pattern. If the pattern matches, indicating the presence of an open redirect vulnerability, the module will report the vulnerability.

Here is an example of an HTTP request sent by the module:

POST /wp-admin/admin-post.php
Content-Type: application/x-www-form-urlencoded

The module's matching condition checks the response header for the presence of the following regex pattern:

(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$

If the pattern is found in the response header, it indicates the presence of the open redirect vulnerability.
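
The matching condition can be exercised offline against response headers. The following is an added example, not part of the Vidoc module: the helper names and the response heads are constructed for illustration, and the pattern is the one quoted above written with a single level of backslash escaping.

```python
import re

# Matching pattern quoted on the page, with one level of backslash escaping.
MARKER_REDIRECT = re.compile(
    r"(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)"
    r"(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$"
)

def matched_location(response_head: str):
    """Return the Location line the pattern flags, or None if there is none."""
    m = MARKER_REDIRECT.search(response_head)
    return m.group(0).strip() if m else None

def head(location: str) -> str:
    """Build a constructed 302 response head carrying the given Location value."""
    return (
        "HTTP/1.1 302 Found\r\n"
        "Server: nginx\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n\r\n"
    )

# Constructed Location values (not captured traffic) -> expected verdict.
SAMPLES = {
    "https://interact.sh/": True,            # absolute URL to the marker host
    "//interact.sh": True,                   # scheme-relative URL
    "/\\interact.sh": True,                  # slash-backslash form
    "https://user@interact.sh/path": True,   # userinfo before the host
    "https://example.com/wp-admin/": False,  # same-site redirect
    "https://example.com/?next=https://interact.sh": False,  # marker only in query
    "https://interact.sh.example.com/": False,  # marker is just a subdomain label
}

def verdicts():
    """Apply the pattern to every constructed sample."""
    return {loc: matched_location(head(loc)) is not None for loc in SAMPLES}

if __name__ == "__main__":
    for loc, flagged in verdicts().items():
        print(f"{'FLAG' if flagged else 'ok  '}  Location: {loc}")
```

The pattern only fires when the redirect's host is the marker host itself, so a same-site redirect that merely carries the marker in its query string is not reported.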

Module preview

Concurrent Requests (1)
1. HTTP Request template
POST /wp-admin/admin-post...
Headers: Content-Type: application/x-www-fo...
Matching conditions: regex: (?m)^(?:Location\s*?:\s*?)(?:https?:\/\/...
Passive global matcher: No matching conditions.
On match action: Report vulnerability