CVE-2023-48325: URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages

A vulnerability has been identified in the popular PluginOps Landing Page Builder, where an attacker can perform a URL redirection to untrusted sites. This malicious practice is known as "Open Redirect," and it can lead to serious security issues.

The affected plugin, Landing Page Builder, allows users to create high-converting landing pages for their WordPress sites. The vulnerability affects the plugin's versions from n/a up to 1.5.1.5.

Exploit Details

The vulnerability in the PluginOps Landing Page Builder allows an attacker to redirect users to untrusted sites by injecting malicious code into vulnerable parameters. This can lead to phishing attacks, where an attacker can trick users into providing sensitive information.

Here is a sample of a vulnerable code snippet

<?php
...
  $return_url = $_GET['return_url'];
  if (!is_valid_url($return_url)) {
    $return_url = "https://www.example.com";;
  }
...
header("Location: " . $return_url);
exit();
?>

An attacker can exploit the vulnerability by sending a crafted link like this

https://www.vulnerable-website.com/login?return_url=https://www.malicious-website.com

Upon clicking on this link, the user will be redirected to the malicious site instead of the legitimate one.

Original References

The vulnerability was reported by the Plugin Vulnerabilities team, who tracked it as CVE-2023-48325. You can find their original blog post here:

- Plugin Vulnerabilities Blog

The vulnerability was later assigned CVE-2023-48325 in the CVE list

- CVE-2023-48325

The WordPress plugin repository page for the vulnerable plugin is as follows

- Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages

Mitigation and Conclusion

The PluginOps team has released a security update to fix the URL redirection vulnerability. It is recommended that users update their Landing Page Builder plugin to the latest version (1.5.1.6 or later) to protect their websites from potential attacks.

To summarize, it is crucial to ensure that your WordPress plugins are up-to-date and properly maintained. By following best practices in web application security, you can prevent security issues like the CVE-2023-48325 vulnerability from impacting your online presence.

Timeline

Published on: 12/07/2023 12:15:00 UTC
Last modified on: 12/12/2023 16:53:00 UTC