| CVE | Not available |
|---|---|
| CVSS | High (7.1) |
| Publicly Published | October 21, 2019 |
| Last Updated | January 22, 2024 |
| Researcher | Mikey Veenstra |

Helper plugins packaged with the Bridge theme contain an open redirect vulnerability, allowing a malicious actor to create links to the site that redirect people to malicious domains. The Bridge theme, Qode Instagram Widget plugin, and Qode Twitter Feed plugin for WordPress are vulnerable to open redirects via the `url` parameter due to missing validation on the redirect location, which makes it possible for attackers to redirect unsuspecting users to malicious sites. This affects versions up to 18.2.1 of the Bridge theme, versions up to 2.0.2 of the Instagram widget plugin, and versions up to 2.0.1 of the Twitter feed plugin, and can be exploited by unauthenticated users.
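
A log-review check for abuse of the `url` parameter described above, as an added example that is not part of the original record or the vendor's tooling. It assumes combined-format access logs and a hypothetical site hostname `shop.example`; the sample lines are constructed, and because the record does not name the vulnerable request path, every path is inspected.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the hostnames the site legitimately redirects to.
SITE_HOSTS = {"shop.example", "www.shop.example"}

# Constructed sample lines (combined log format), not real traffic.
SAMPLE_LOG = '''\
203.0.113.5 - - [21/Oct/2019:10:01:02 +0000] "GET /?url=https%3A%2F%2Fevil.example%2Flogin HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [21/Oct/2019:10:02:10 +0000] "GET /?url=%2F%2Fphish.example%2Fa HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [21/Oct/2019:10:03:44 +0000] "GET /?url=https%3A%2F%2Fwww.shop.example%2Fcart HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [21/Oct/2019:10:04:01 +0000] "GET /blog/?url=%2Fabout%2F HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.8 - - [21/Oct/2019:10:05:30 +0000] "GET /?url=https%3A%2F%2Fshop.example%40evil.example%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"
'''

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def external_target(value):
    """Return the off-site host a redirect target resolves to, or None."""
    # Browsers treat backslashes as slashes and ignore whitespace/control bytes.
    cleaned = re.sub(r"[\x00-\x20]", "", value.replace("\\", "/"))
    try:
        host = urlsplit(cleaned).hostname
    except ValueError:
        return "(unparseable)"  # malformed authority: worth a manual look
    if host is None:
        return None  # relative path, stays on the site
    host = host.lower().rstrip(".")
    return None if host in SITE_HOSTS else host


def find_suspect_redirects(log_text):
    """Yield (client_ip, status, target_host) for off-site `url` values."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for value in parse_qs(query).get("url", []):
            host = external_target(value)
            if host:
                hits.append((line.split()[0], match.group(2), host))
    return hits


if __name__ == "__main__":
    for hit in find_suspect_redirects(SAMPLE_LOG):
        print(hit)
```

Other features on a site may use a `url` parameter legitimately, so treat hits as leads to review rather than confirmed abuse.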

| Software Type | Theme |
|---|---|
| Software Slug | bridge |
| Patched? | Yes |
| Affected Version | |
| Patched Version | |

| Software Type | Plugin |
|---|---|
| Software Slug | qode-instagram-widget |
| Patched? | Yes |
| Affected Version | |
| Patched Version | |

| Software Type | Plugin |
|---|---|
| Software Slug | qode-twitter-feed |
| Patched? | Yes |
| Affected Version | |
| Patched Version | |

Copyright 2012-2026 Defiant Inc.
License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.