Jetpack says:
“The Login Widget With Shortcode plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.1.2. This is due to insufficient validation on the redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.”
Login Widget With Shortcode <= 6.1.2 is vulnerable to Unvalidated Redirect
Security risk: redirect. The vulnerability allows an attacker to redirect victims to arbitrary URL. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
@support is there any update planned in the near future for this issue.
