
WordPress eCommerce Music Store <=1.0.14 - Open Redirect

By kannthu

Medium
Vidoc Module
#musicstore #wp #wpscan #seclists #wordpress
Description

WordPress eCommerce Music Store <=1.0.14 - Open Redirect

What is "WordPress eCommerce Music Store <=1.0.14 - Open Redirect"?

The "WordPress eCommerce Music Store <=1.0.14 - Open Redirect" module is designed to detect an open redirect vulnerability in the WordPress eCommerce Music Store plugin. This vulnerability allows an attacker to redirect users to malicious websites, potentially leading to phishing attacks or the installation of malware.

This module has a medium severity level, indicating that it poses a moderate risk to the security of the affected website.

Impact

If exploited, this vulnerability can be used by attackers to trick users into visiting malicious websites. This can result in the theft of sensitive information, such as login credentials or financial data, or the installation of malware on the user's device.

How does the module work?

The module works by sending a GET request to the vulnerable endpoint of the WordPress eCommerce Music Store plugin. It then checks the response headers for a specific regex pattern that indicates an open redirect vulnerability. If the pattern is found, the module reports the vulnerability.

Here is an example of the HTTP request sent by the module:

GET /wp-content/plugins/music-store/ms-core/ms-submit.php HTTP/1.1
Host: {%Hostname%}
Referer: https://interact.sh

The module uses a regex pattern to match the "Location" header in the response, looking for URLs that redirect to the "interact.sh" domain, which is the value the request sends in its Referer header. If a match is found, the module identifies it as an open redirect vulnerability.
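
The check described above, written out as an added example (this is not Vidoc's module code and not its regex, which is truncated on this page). It parses the Location URL instead of pattern-matching it, so a canary that only appears in a query string or in a non-redirect response is not reported; the function names and the sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit

CANARY = "interact.sh"  # domain the module places in the Referer header

# Constructed sample responses (not captured from a real site).
VULNERABLE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: nginx\r\n"
    "location:   https://interact.sh\r\n"
    "Content-Length: 0\r\n\r\n"
)
PATCHED = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://shop.example/music-store/?ref=https://interact.sh\r\n\r\n"
)
NOT_REDIRECT = "HTTP/1.1 200 OK\r\nX-Note: Location: https://interact.sh\r\n\r\n"


def parse_head(raw):
    """Return (status_code, {lowercased header name: value}) from a raw response head."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def redirects_to_canary(raw, canary=CANARY):
    """True only if a 3xx response's Location host is the canary or a subdomain of it."""
    status, headers = parse_head(raw)
    location = headers.get("location")
    if not (300 <= status < 400) or not location:
        return False
    # urlsplit handles scheme-relative (//host) targets; hostname drops userinfo and port.
    host = (urlsplit(location).hostname or "").lower()
    return host == canary or host.endswith("." + canary)


if __name__ == "__main__":
    for label, raw in [("vulnerable", VULNERABLE), ("patched", PATCHED), ("200", NOT_REDIRECT)]:
        print(label, redirects_to_canary(raw))
```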

If you are using the WordPress eCommerce Music Store plugin, it is recommended to update to the latest version to mitigate this vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
regex: (?m)^(?:Location\s*?:\s*?)(?:https?:\/\/...
Passive global matcher
No matching conditions.
On match action
Report vulnerability