Vigil@nce - WordPress Ad-Manager: open redirect of track-click.php
December 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can deceive the user via track-click.php of WordPress
Ad-Manager, in order to redirect him to a malicious site.
Impacted products: WordPress Plugins
Severity: 1/4
Creation date: 27/11/2014
DESCRIPTION OF THE VULNERABILITY
The Ad-Manager plugin can be installed on WordPress.
However, the track-click.php page accepts to redirect the victim
with no warning, to an external site indicated by the attacker.
An attacker can therefore deceive the user via track-click.php of
WordPress Ad-Manager, in order to redirect him to a malicious site.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WordPress-Ad-Manager-open-redirect-of-track-click-php-15712