PT-2023-10290 · WordPress · Wooframework Branding Plugin
Jeffikus
·
Published
2023-06-05
·
Updated
2024-05-17
·
CVE-2015-10112
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
WooFramework Branding Plugin versions up to 1.0.1
Description
A problematic vulnerability has been found in the WooFramework Branding Plugin on WordPress. The issue affects the
admin screen logic function of the file wooframework-branding.php. The manipulation of the url argument leads to an open redirect. This attack can be launched remotely.Recommendations
For WooFramework Branding Plugin versions up to 1.0.1, upgrade to version 1.0.2 to address this issue. As a temporary workaround, consider restricting the manipulation of the
url argument in the admin screen logic function until the upgrade is applied.Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wooframework Branding Plugin