exploitDog

CVE-2024-13888

Опубликовано: 20 фев. 2025

Источник: nvd

CVSS3: 7.2

CVSS3: 6.1

EPSS Низкий

Описание

The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on the redirect URL supplied via the 'redirect' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Ссылки

https://plugins.trac.wordpress.org/changeset/3243366
Patch
https://wordpress.org/plugins/wpappninja/#developers
Product
Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/a139f0fc-f3e0-4759-aa8d-ba138e5ccc87?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:amauri:wpmobile.app:*:*:*:*:*:wordpress:*:*

Версия до 11.57 (исключая)

EPSS

Процентиль: 74%

0.00803

Низкий

7.2 High

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-601

Связанные уязвимости

GHSA-56h9-pghv-8mp7

CVSS3: 7.2

github

12 месяцев назад

The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on the redirect URL supplied via the 'redirect' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

EPSS

Процентиль: 74%

0.00803

Низкий

7.2 High

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-601