WordPress ProStore <1.1.3 - Open Redirect

What is the "WordPress ProStore <1.1.3 - Open Redirect" module?

The "WordPress ProStore <1.1.3 - Open Redirect" module is designed to detect an open redirect vulnerability in the WordPress ProStore theme before version 1.1.3. This vulnerability allows an attacker to redirect users to a malicious website, potentially leading to the disclosure of sensitive information, unauthorized data modification, or execution of unauthorized operations. The severity of this vulnerability is classified as low.

This module was authored by 0x_Akoko.

Impact

An open redirect vulnerability in the WordPress ProStore theme can have several negative impacts, including:

- Potential disclosure of sensitive information - Possible modification of data - Execution of unauthorized operations

How does the module work?

The "WordPress ProStore <1.1.3 - Open Redirect" module works by sending an HTTP GET request to the following path: /wp-content/themes/prostore/go.php?https://interact.sh/. It then checks the response headers for a specific pattern using regular expressions. If the response header contains a location that matches the pattern, the module considers it a match.

The matching condition used in this module is a regular expression that looks for the presence of a location header containing a URL that starts with https://interact.sh/. If the condition is met, the module reports the vulnerability.

For more information, you can refer to the WordPress ProStore Open Redirect vulnerability on WPScan.