CVE-2013-2694

EPSS 0.35%
Veröffentlicht 28.03.2014 15:55:08
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle PSIRT-CNA@flexerasoftware.com
CVE-Watchlists
Login
Unerledigt
Login

WP Symposium <= 13.04 - Open Redirection

Open redirect vulnerability in invite.php in the WP Symposium plugin 13.04 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the u parameter.

Mögliche Gegenmaßnahme

WP Symposium: Update to version 13.05, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WP Symposium

Version * - 13.04

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wpsymposiumpro ≫ Wp Symposium Version13.04 SwPlatformwordpress

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.35%	0.548

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/92274

http://secunia.com/advisories/52925

Vendor Advisory

http://www.securityfocus.com/bid/59045

https://www.wordfence.com/threat-intel/vulnerabilities/id/dd4d7c44-890c-4560-b637-cdc0ca00de31

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-2694

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-2694

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-2694

EUVD