CVE-2015-10102: 
WordPress vulnerability analysis and mitigation

A critical vulnerability was discovered in Freshdesk Plugin version 1.7 for WordPress (CVE-2015-10102). The vulnerability is an open redirect issue that allows remote attackers to redirect users to arbitrary URLs. The issue was patched in version 1.8 with a security fix that requires users to configure all portal URLs in the settings page (GitHub Patch, NVD).

The vulnerability has a CVSS v3.1 base score of 6.1 (MEDIUM) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The issue stems from insufficient validation of redirect URLs in the plugin's functionality. The vulnerability is classified as CWE-601: URL Redirection to Untrusted Site ('Open Redirect') (NVD).

If exploited, this vulnerability could allow attackers to redirect users to malicious websites without requiring authentication. This could potentially lead to phishing attacks or other social engineering attempts targeting WordPress users who interact with the Freshdesk plugin (NVD).

Users should upgrade to Freshdesk Plugin version 1.8 or later, which includes the security fix. The patch implements proper validation of portal URLs by requiring administrators to configure all valid portal URLs in the settings page (GitHub Patch).