WordPress Google Adsense and Hotel Booking Plugin <= 1.05 - Open Redirection

google-adsense-and-hotel-booking

Software
Google Adsense and Hotel Booking
Versions
<= 1.05
Disclosure date
2015-08-15
CVE
CVE-2015-1000009
References
Classification
Open Redirection
OWASP Top 10
A10: Unvalidated Redirects and Forwards

Are your websites subject to this vulnerability?

Details

The vulnerability is in the ./plugin/google-adsense-and-hotel-booking/proxy.php. It allows an arbitrary user to proxy POST requests though the host site. This may allow attackers to hide attacks.

Solution

Update the plugin.

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.