exploitDog

CVE-2021-25028

Опубликовано: 24 янв. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue

Ссылки

https://wpscan.com/vulnerability/80b0682e-2c3b-441b-9628-6462368e5fc7
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/80b0682e-2c3b-441b-9628-6462368e5fc7
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tri:event_tickets:*:*:*:*:*:wordpress:*:*

Версия до 5.2.2 (исключая)

EPSS

Процентиль: 89%

0.04398

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-mf96-763w-mh5v

github

около 4 лет назад

The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue

EPSS

Процентиль: 89%

0.04398

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601