CVE-2015-10104 – Icons for Features Plugin class-icons-for-features-admin.php redirect

https://notcve.org/view.php?id=CVE-2015-10104

A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. • https://github.com/wp-plugins/icons-for-features/commit/63124c021ae24b68e56872530df26eb4268ad633 https://github.com/wp-plugins/icons-for-features/releases/tag/1.0.1 https://vuldb.com/?ctiid.227756 https://vuldb.com/?id.227756 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •