Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "WordPress Newsletter Manager < 1.5 - Unauthenticated Open Redirect" module is designed to detect an open redirect vulnerability in the WordPress Newsletter Manager plugin. This vulnerability allows an attacker to redirect users to malicious websites without authentication, potentially leading to phishing attacks or the exploitation of other vulnerabilities.
This module has a severity level of medium, indicating that while it is not critical, it still poses a significant risk to the security of the affected WordPress installations.
An open redirect vulnerability in the WordPress Newsletter Manager plugin can have several negative impacts, including:
- Redirecting users to malicious websites, potentially leading to phishing attacks or the installation of malware - Exploiting other vulnerabilities in the affected WordPress installation - Damaging the reputation and trust of the website ownerThe module works by sending a specific HTTP request to the target WordPress installation and analyzing the response. It checks if the response contains a redirect header that matches a specific regular expression pattern. If a match is found, the module reports the vulnerability.
Here is an example of the HTTP request sent by the module:
GET /?wp_nlm=confirmation&appurl=aHR0cDovL2ludGVyYWN0LnNo HTTP/1.1
Host: [target_host]
The module uses a regular expression matcher to check if the response header contains a location that matches the pattern:
(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\|\/\\)(?:[a-zA-Z0-9\\-_.@]*)interact\.sh\/?(\/|[^.].*)?$
If the response header matches the pattern, the module reports the vulnerability.
It is important to note that this module only detects the vulnerability and does not attempt to exploit it or provide any fixes or patches.