Meta Tag Manager WordPress Plugin Open Redirect Vulnerability
Vulnerability
A vulnerability exists in the Meta Tag Manager WordPress plugin in versions prior to 3.3, allowing users with Contributor privileges or higher to create http-equiv refresh meta tags. This lack of restriction could be exploited for open redirect or phishing attacks. The vulnerability arises because the plugin does not limit which user roles can add certain types of meta tags, potentially leading to unauthorized redirection.
Impact
Exploitation of this vulnerability could result in an open redirect, allowing attackers to redirect users to malicious sites, or a phishing attack, where users are tricked into providing sensitive information.
Reproduction
To reproduce this vulnerability, log in as a user with Contributor privileges. Create a new post and navigate to the Meta Tag Manager section. Add a new meta tag, selecting 'http-equiv' as the tag type and 'refresh' as the http-equiv value. Set the content attribute to redirect to an external URL, then submit and preview the post.
Remediation
Users are advised to update the Meta Tag Manager WordPress plugin to version 3.3 or later.
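To check whether published or pending posts already carry such a tag, the rendered HTML can be scanned for http-equiv refresh meta tags whose target leaves the site. The following is an added example, not code from the plugin or from this advisory; the function names and the sample page are constructed, and a target is treated as external when its host differs from the host of the page URL.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# content="<delay>[;|,] [url=]<target>": capture whatever follows the delay.
_REFRESH = re.compile(r"^\s*\d*(?:\.\d*)?\s*[;,]?\s*(?:url\s*=\s*)?(.*)$", re.I | re.S)


class _MetaRefreshFinder(HTMLParser):
    """Collects the redirect target of every <meta http-equiv="refresh">."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}  # attribute names arrive lowercased
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        m = _REFRESH.match(a.get("content", ""))
        target = m.group(1).strip().strip("'\"").strip() if m else ""
        if target:  # a bare delay ("30") only reloads the page, no redirect
            self.targets.append(target)


def external_refresh_targets(html, page_url):
    """Return absolute refresh targets whose host differs from page_url's host."""
    finder = _MetaRefreshFinder()
    finder.feed(html)
    finder.close()
    site_host = urlsplit(page_url).hostname
    findings = []
    for raw in finder.targets:
        absolute = urljoin(page_url, raw)  # resolves relative and //host forms
        host = urlsplit(absolute).hostname
        if host and host != site_host:
            findings.append(absolute)
    return findings


# Constructed sample: a post preview carrying one off-site and one on-site refresh.
SAMPLE_PAGE = """<html><head>
<meta http-equiv="refresh" content="0; url=https://phish.example/login">
<meta http-equiv="Refresh" content="3;URL='/thanks/'">
</head><body>post body</body></html>"""

if __name__ == "__main__":
    print(external_refresh_targets(SAMPLE_PAGE, "https://blog.example/?p=12&preview=true"))
```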
