oss-sec mailing list archives

WordPress Newsletter Plug-in URL Redirection Vulnerability - CVE Request


From: Jing Wang <justqdjing () gmail com>
Date: Fri, 24 Apr 2015 00:32:30 +0800

Hello,

Could you assign a CVE reference ID for the following vulnerability?
Thank you very much.

http://seclists.org/fulldisclosure/2015/Mar/23
http://www.osvdb.org/show/osvdb/119170
http://packetstormsecurity.com/files/130647/wpnewsletter-openredirect.txt



=======
Exploit Title:
The Newsletter Plugin for WordPress do.php nr Parameter Open Redirect

Product:
WordPress Newsletter Plug-in

Vendor:
Satollo.net

Vendor Link:
http://www.satollo.net/downloads
https://wordpress.org/plugins/newsletter/
https://github.com/WordPress-Plugins-Themes/newsletter

Vulnerable Versions:
Version 2.6.4.4
Version 2.6.4.3
Version 2.6.4.2
Version 2.6.4.1
Version 2.6.4
Version 2.6.3
Version 2.5.3.3
Version 2.5.3.2
Version 2.5.3.1
Version 2.5.3
Version 2.5.2.3
Version 2.5.2.2
Version 2.5.2.1
Version 2.5.2
Version 2.5.1.5
Version 2.5.1.4
Version 2.5.1.3
Version 2.5.1.2
Version 2.5.1.1
Version 2.5.1
Version 2.5.0.1
Version 2.5.0


Tested Versions:
Check All Related Versions' Source Code

=======


Best Regards,
Jing
