The Travelpayouts: All Travel Brands in One Place...
Moderate severity
Unreviewed
Published
Mar 20, 2024
to the GitHub Advisory Database
•
Updated Aug 1, 2024
Description
Published by the National Vulnerability Database
Mar 20, 2024
Published to the GitHub Advisory Database
Mar 20, 2024
Last updated
Aug 1, 2024
The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
References