oss-sec mailing list archives
Newsletter Plugin for WordPress Unvalidated Redirects and Forwards URL Vulnerability - CVE Request
From: Ryan King <tetraphibious () gmail com>
Date: Fri, 3 Jul 2015 16:26:23 +0800
Hello,

Could you assign a CVE reference ID for the following vulnerability? Thank you very much.

http://seclists.org/fulldisclosure/2015/Mar/23
http://www.osvdb.org/show/osvdb/119170
http://tetraph.com/security/open-redirect/wordpress-newsletter-plug-in-url-redirection-open-redirect-security-vulnerabilities/
http://packetstormsecurity.com/files/130647/wpnewsletter-openredirect.txt
http://lists.openwall.net/full-disclosure/2015/03/05/2
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1663

=======

Exploit Title: The Newsletter Plugin for WordPress do.php nr Parameter Open Redirect
Product: WordPress Newsletter Plug-in
Vendor: Satollo.net
Vendor Link:
http://www.satollo.net/downloads
http://www.thenewsletterplugin.com/
https://wordpress.org/plugins/newsletter/
https://github.com/WordPress-Plugins-Themes/newsletter

Vulnerable Versions:
Version 2.6.4.4
version 2.6.4.3
version 2.6.4.2
version 2.6.4.1
version 2.6.4
version 2.6.3
version 2.5.3.3
version 2.5.3.2
version 2.5.3.1
version 2.5.3
version 2.5.2.3
version 2.5.2.2
version 2.5.2.1
version 2.5.2
version 2.5.1.5
version 2.5.1.4
Version 2.5.1.3
Version 2.5.1.2
Version 2.5.1.1
Version 2.5.1
Version 2.5.0.1
Version 2.5.0

Tested Versions: Check All Related Versions' Source Code

=======

Best Regards,
Wang Jing

--
Jing Wang,
Division of Mathematical Sciences (MAS),
School of Physical and Mathematical Sciences (SPMS),
Nanyang Technological University (NTU), Singapore.
http://www.tetraph.com/wangjing/
https://twitter.com/justqdjing