Plugin Details
Plugin Name: wp-plugin : wp-symposium
Affected Version : 13.12 (and most probably lower versions, if any)
Vulnerability : Unvalidated Redirects and Forwards
Minimum Level of Access Required : Contributor
CVE Number :
Identified by : Anantshri
Disclosure Timeline
- December 15, 2013 : Vendor Contacted
- January 28, 2014 : Plugin Updated
- July 7, 2014 : Public Disclosure
Technical Details
http://localhost/wp-content/plugins/wp-symposium/invite.php?u=http://www.google.com
Vulnerable Parameter : u
The vulnerability takes effect when the user is not logged in.
Fixed in : 14.02
Trac Changelog : https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=822756%40wp-symposium&old=820190%40wp-symposium&sfp_email=&sfph_mail=
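
A defender-side check for the request pattern under Technical Details, added here as an example and not part of the original advisory or the plugin's code: it scans web server access logs (common/combined log format assumed, plugin installed at the site root) for invite.php requests whose u value points off-site. SITE_HOST, the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Path and parameter are from the advisory; SITE_HOST is an assumed site name.
VULN_PATH = "/wp-content/plugins/wp-symposium/invite.php"
SITE_HOST = "blog.example.com"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation IP range), not real traffic.
SAMPLE_LOG = [
    f'203.0.113.7 - - [08/Jul/2014:10:01:02 +0000] "GET {VULN_PATH}?u={u} HTTP/1.1" 302 0'
    for u in ("http://www.google.com", "%2F%2Fphish.example%2Flogin",
              "/members/", "http://blog.example.com/welcome")
]


def external_target(value, site_host=SITE_HOST):
    """Return the off-site host a redirect value points to, else None."""
    # Browsers ignore surrounding whitespace and treat "\" like "/".
    cleaned = value.strip().replace("\\", "/")
    try:
        host = (urlsplit(cleaned).hostname or "").lower()
    except ValueError:
        return "unparsable"  # malformed authority: flag for manual review
    if not host or host == site_host.lower():
        return None  # relative path or same site
    return host


def scan(lines, site_host=SITE_HOST):
    """Return (line, off-site host) pairs for invite.php requests."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        try:
            target = urlsplit(match.group(1))
        except ValueError:
            continue
        if target.path != VULN_PATH:
            continue
        # parse_qs percent-decodes, so encoded targets are caught too.
        for value in parse_qs(target.query).get("u", []):
            host = external_target(value, site_host)
            if host:
                hits.append((line, host))
    return hits
```

Calling scan(SAMPLE_LOG) flags the first two constructed entries and passes the relative and same-site targets.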