Closed carlHandy closed 1 month ago
Unsanitized input from data from a remote resource flows into window.location, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability.
success: function(response) { if (response.success && response.data.checkout_url) { window.location.href = response.data.checkout_url;
Link to code: https://github.com/Kalpa-Services/mmg-wp-plugin/blob/5ed3af147c036b2004efe12629fd6560a65a8724/js/mmg-checkout.js#L21
Unsanitized input from data from a remote resource flows into window.location, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability.
Link to code: https://github.com/Kalpa-Services/mmg-wp-plugin/blob/5ed3af147c036b2004efe12629fd6560a65a8724/js/mmg-checkout.js#L21