Title: Open Redirect in JetEngine WordPress Plugin
CVE ID: CVE-2021-41844
CVSSv3 Base Score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Advisory Release Date: 16-12-2021
Advisory URL: https://labs.integrity.pt/advisories/cve-2021-41844
Credits: Discovery by Bruno Barreirinhas <bb[at]integrity.pt>
The Crocoblock JetEngine plugin for WordPress is vulnerable to open redirection via a GET or POST request. The form parameter _jet_engine_refer accepts untrusted input that could cause the web application to redirect the request to a URL contained within that input.
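
The following is an added example, not code from the advisory or from the plugin: a strict same-site check for _jet_engine_refer values, applied to GET query strings and POST form bodies to flag requests whose redirect target leaves the site. The hostname shop.example, the request paths and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

PARAM = "_jet_engine_refer"   # form parameter named in the advisory
SITE_HOST = "shop.example"    # assumption: the site's own hostname

def is_same_site(target, site_host=SITE_HOST):
    """True only if a browser following `target` would stay on site_host."""
    # Browsers treat "\" as "/" and drop tab/CR/LF inside URLs, so normalise first.
    t = target.strip().replace("\\", "/")
    t = "".join(ch for ch in t if ch not in "\t\r\n")
    if t.startswith("//"):
        # Browsers collapse extra leading slashes into an authority ("///host").
        t = "//" + t.lstrip("/")
    try:
        parts = urlsplit(t)
        host = (parts.hostname or "").lower()
    except ValueError:            # malformed authority, e.g. a bad IPv6 literal
        return False
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False              # javascript:, data: and similar schemes
    if parts.scheme or parts.netloc:
        return host == site_host.lower()
    return t.startswith("/")      # strict: only root-relative paths pass

def refer_values(url, body=""):
    """Collect PARAM values from the query string (GET) and form body (POST)."""
    query = parse_qs(urlsplit(url).query)
    form = parse_qs(body)
    return query.get(PARAM, []) + form.get(PARAM, [])

def flag_offsite(requests, site_host=SITE_HOST):
    """Return (method, value) for every request whose PARAM leaves the site."""
    return [(method, value)
            for method, url, body in requests
            for value in refer_values(url, body)
            if not is_same_site(value, site_host)]

# Constructed sample requests (method, URL, form body); paths are placeholders.
SAMPLE = [
    ("GET", "/contact/?_jet_engine_refer=%2Fthank-you%2F", ""),
    ("GET", "/contact/?_jet_engine_refer=https%3A%2F%2Foffsite.example%2Flogin", ""),
    ("POST", "/contact/", "name=a&_jet_engine_refer=%2F%2Foffsite.example"),
    ("POST", "/contact/", "_jet_engine_refer=https%3A%2F%2Fshop.example%2Fdone"),
]

if __name__ == "__main__":
    for method, value in flag_offsite(SAMPLE):
        print(method, value)
```

The same allowlist logic applies server-side before a redirect is issued: a value that fails the check is replaced with a fixed on-site default rather than followed.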