Vigil@nce - WordPress: redirect via WP Symposium
April 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the parameter "u" of WP Symposium, in order to
redirect the victim to another site.
Impacted products: WordPress
Severity: 2/4
Creation date: 12/04/2013
DESCRIPTION OF THE VULNERABILITY
The WP Symposium plugin is used to manage a social network.
However, it does not filter its parameter "u". Technical details
are unknown.
An attacker can therefore use the parameter "u" of WP Symposium,
in order to redirect the victim to another site.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WordPress-redirect-via-WP-Symposium-12666