Ashiyane Digital Security Team Says It Found WordPress Open Redirect & XSS Bugs

January 21, 2016


The Iranian Ashiyane Digital Security Team (ADST) announced that it has found new WordPress vulnerabilities. It listed them as follows:

  1. WordPress JS External Link Info 1.21 Open Redirect Vulnerability
  2. WordPress Tubepress Plugin v 2 Cross Site Scripting
  3. WordPress No External links Plugin Open Redirect.

Cross Site Scripting (XSS) is a type of computer security vulnerability found in web applications that enables attackers to inject client-sides script into web pages viewed by other users. Open redirect is applications that redirect users to parameter value with no validation type. Vulnerability is used in phishing attacks. 

Source:, January 14, 2016.