WordPress Attitude 1.1.1 - Open Redirect

By kannthu

Severity: Medium
Vidoc Module
#wordpress #wp-theme #redirect
Description

What is "WordPress Attitude 1.1.1 - Open Redirect"?

The "WordPress Attitude 1.1.1 - Open Redirect" module is designed to detect an open redirect vulnerability in the WordPress Attitude theme version 1.1.1. This vulnerability allows an attacker to redirect users to malicious websites, potentially leading to phishing attacks or the installation of malware.

This module targets the WordPress Attitude theme version 1.1.1 and is considered to have a medium severity level.

Impact

An open redirect vulnerability in the WordPress Attitude theme version 1.1.1 can have serious consequences. It can be exploited by attackers to deceive users into visiting malicious websites that appear legitimate. This can result in the theft of sensitive information, such as login credentials, or the installation of malware on the user's device.

How does the module work?

The "WordPress Attitude 1.1.1 - Open Redirect" module works by sending a GET request to the following path: /wp-content/themes/Attitude/go.php?https://interact.sh/. It then checks the response headers for a specific pattern using a regular expression matcher.

The matching condition in this module checks whether the response headers contain a "Location" header that redirects to a URL containing "interact.sh". If a match is found, the module reports the vulnerability.
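The header check described above, written out as an added example (not the Vidoc module's own code). It compares the host of the Location target instead of reusing the module's regex, which the page shows only truncated, so a same-site redirect that merely carries "interact.sh" in its query string is not reported; the response headers and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

CANARY_HOST = "interact.sh"  # canary domain named on the page

# Assumption: our own pattern, not the module's regex.
# Anchored at line start so headers such as Content-Location do not match.
LOCATION_RE = re.compile(r"(?im)^location[ \t]*:[ \t]*(\S+)[ \t]*\r?$")

# Constructed sample response headers (not captured from a real site).
VULNERABLE = ("HTTP/1.1 302 Found\r\nServer: nginx\r\n"
              "Location: https://interact.sh/\r\n\r\n")
SAME_SITE = ("HTTP/1.1 302 Found\r\n"
             "Location: /wp-login.php?redirect_to=https://interact.sh/\r\n\r\n")
NO_REDIRECT = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"


def redirect_host(raw_headers):
    """Return the host the Location header points to, or None when the
    header is absent, unparsable, or a relative (same-site) redirect."""
    match = LOCATION_RE.search(raw_headers)
    if not match:
        return None
    try:
        # urlsplit also resolves scheme-relative targets like //host/path.
        host = urlsplit(match.group(1)).hostname
    except ValueError:
        return None
    return host.lower() if host else None


def is_open_redirect(raw_headers, canary=CANARY_HOST):
    """True only when the redirect leaves the site for the canary host."""
    host = redirect_host(raw_headers)
    if host is None:
        return False
    return host == canary or host.endswith("." + canary)


if __name__ == "__main__":
    for name, headers in [("vulnerable", VULNERABLE),
                          ("same-site", SAME_SITE),
                          ("no redirect", NO_REDIRECT)]:
        print(name, "->", is_open_redirect(headers))
```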

This module is part of the Vidoc platform, which uses multiple modules to perform scanning and detect various types of vulnerabilities, misconfigurations, and software fingerprints.

Module preview

Concurrent Requests (1)

1. HTTP Request template
   GET /wp-content/themes/A...
   Matching conditions
   regex: (?m)^(?:Location\s*?:\s*?)(?:https?://|/...

Passive global matcher
No matching conditions.

On match action
Report vulnerability