PT-2024-36135 · Unknown · Login Widget With Shortcode
Muhamad Agil Fachrian
·
Published
2024-12-09
·
Updated
2024-12-09
·
CVE-2024-54255
CVSS v3.1
4.7
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Login Widget With Shortcode versions n/a through 6.1.2
Description:
The issue is an Open Redirect vulnerability that allows phishing attacks. This vulnerability exists in the Login Widget With Shortcode and can be exploited to redirect users to untrusted sites.
Recommendations:
For versions n/a through 6.1.2, update to a version later than 6.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the Login Widget With Shortcode to minimize the risk of exploitation. Avoid using the Login Widget With Shortcode until the issue is resolved.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Login Widget With Shortcode