The Qode Instagram Widget and Qode Twitter Feed both have bugs that could allow redirects to malicious sites. An open redirect vulnerability can be used to hide malicious links behind URLs for legitimate domains. Qode has released a patch for both plugins, available in version 2.0.2, which can be applied after users update the Bridge theme itself to version 18.2.1.1. Researchers said that Qode users aren t very good about patching their plugins, with 38 percent of active Qode installations not been updated in more than two years.
Source: https://threatpost.com/open-redirect-bug-bridge-theme/149437/