PT-2024-32570 · WordPress · Simple Membership After Login Redirection
Muhamad Agil Fachrian · Published 2024-10-10 · Updated 2024-10-15 · CVE-2024-47354
CVSS v3.1: 4.7 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Simple Membership After Login Redirection versions 1.6 and earlier
Description
A high-severity open redirection vulnerability has been identified, allowing URL redirection to untrusted sites. This issue affects the WordPress Simple Membership After Login Redirection plugin. Users are urged to update to the latest version to mitigate risks.
Recommendations
For versions 1.6 and earlier, update to the latest version to mitigate the risk of open redirection.
As a temporary workaround, consider restricting access to the plugin's redirection functionality until a patch is available.
Fix
Open Redirect
Affected Products
Simple Membership After Login Redirection