PT-2023-10290 · WordPress · Wooframework Branding Plugin

Jeffikus

Publicado

2023-06-05

Atualizado

2024-05-17

CVE-2015-10112

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions WooFramework Branding Plugin versions up to 1.0.1

Description A problematic vulnerability has been found in the WooFramework Branding Plugin on WordPress. The issue affects the admin screen logic function of the file wooframework-branding.php. The manipulation of the url argument leads to an open redirect. This attack can be launched remotely.

Recommendations For WooFramework Branding Plugin versions up to 1.0.1, upgrade to version 1.0.2 to address this issue. As a temporary workaround, consider restricting the manipulation of the url argument in the admin screen logic function until the upgrade is applied.

Correção

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601

Identificadores relacionados

CVE-2015-10112

Produtos afetados

Wooframework Branding Plugin

PT-2023-10290 · WordPress · Wooframework Branding Plugin

CVE-2015-10112

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5