oss-sec mailing list archives
WordPress Newsletter Plug-in URL Redirection Vulnerability - CVE Request
From: Jing Wang <justqdjing () gmail com>
Date: Fri, 24 Apr 2015 00:32:30 +0800
Hello, Could you assign a CVE reference ID for the following vulnerability? Thank you very much. http://seclists.org/fulldisclosure/2015/Mar/23 http://www.osvdb.org/show/osvdb/119170 http://packetstormsecurity.com/files/130647/wpnewsletter-openredirect.txt ======= Exploit Title: The Newsletter Plugin for WordPress do.php nr Parameter Open Redirect Product: WordPress Newsletter Plug-in Vendor: Satollo.net Vendor Link: http://www.satollo.net/downloads https://wordpress.org/plugins/newsletter/ https://github.com/WordPress-Plugins-Themes/newsletter Vulnerable Versions: Version 2.6.4.4 version 2.6.4.3 version 2.6.4.2 version 2.6.4.1 version 2.6.4 version 2.6.3 version 2.5.3.3 version 2.5.3.2 version 2.5.3.1 version 2.5.3 version 2.5.2.3 version 2.5.2.2 version 2.5.2.1 version 2.5.2 version 2.5.1.5 version 2.5.1.4 Version 2.5.1.3 Version 2.5.1.2 Version 2.5.1.1 Version 2.5.1 Version 2.5.0.1 Version 2.5.0 Tested Versions: Check All Related Versions' Source Code ======= Best Regards, Jing
Current thread:
- WordPress Newsletter Plug-in URL Redirection Vulnerability - CVE Request Jing Wang (Apr 23)