PT-2023-10291 · WordPress · Wooframework Tweaks Plugin

Jeffikus · Published 2023-06-05 · Updated 2024-05-17 · CVE-2015-10113

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: WooFramework Tweaks Plugin versions up to 1.0.1

Description: A vulnerability was found in the WooFramework Tweaks Plugin on WordPress. The issue affects the admin screen logic function of the file wooframework-tweaks.php. The manipulation of the url argument leads to an open redirect. This attack can be launched remotely.

Recommendations: For WooFramework Tweaks Plugin versions up to 1.0.1, upgrade to version 1.0.2 to address this issue. As a temporary workaround, consider restricting access to the admin screen logic function until the update is applied. Avoid using the url argument in the affected function to minimize the risk of exploitation.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers: CVE-2015-10113

Affected Products: Wooframework Tweaks Plugin