exploitDog

CVE-2021-25074

Опубликовано: 24 янв. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue

Ссылки

https://wpscan.com/vulnerability/f3c0a155-9563-4533-97d4-03b9bac83164
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/f3c0a155-9563-4533-97d4-03b9bac83164
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webp_converter_for_media_project:webp_converter_for_media:*:*:*:*:*:wordpress:*:*

Версия до 4.0.3 (исключая)

EPSS

Процентиль: 77%

0.01001

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-4wcp-h664-5xc6

github

около 4 лет назад

The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue

EPSS

Процентиль: 77%

0.01001

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601