Headline
CVE-2022-27861: WordPress Ninja Popups plugin <= 4.7.5 - Unauth. Open Redirect vulnerability - Patchstack
Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <= 4.7.5 versions.
Solution
No fix
No patched version is provided by the vendor.
Dave Jong (Patchstack) discovered and reported this Open Redirection vulnerability in WordPress Ninja Popups Plugin. This could allow a malicious actor to redirect users from one site to the other due to the redirect URL not being validated. Users could be tricked to visiting a legitimate site to then be redirected to a malicious site and cause a phishing incident. This vulnerability has not been known to be fixed yet.
No other known vulnerabilities for this pluginReport
WordPress plugin developer?
Start a free security program for your WordPress plugins or request an audit.
Apply for MVDP
Security researcher?
Report to Patchstack Alliance bounty platform and earn monthly cash prizes.
Learn more