WordPress · Wccp-Pro · CVE-2024-6690
Name of the Vulnerable Software and Affected Versions:
wccp-pro WordPress plugin versions prior to 15.3
Description:
The plugin contains an open redirect flaw in its handling of the `referrer` parameter, which allows users to be redirected to external sites.
Recommendations:
Update installations running a version prior to 15.3 to version 15.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `referrer` parameter to minimize the risk of exploitation.