CVE-2015-10112

EPSS 0.07%
Published 05.06.2023 08:15:09
Last modified 21.11.2024 02:24:24
Source cna@vuldb.com
Teams watchlist Login
Open Login

A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is f12fccd7b5eaf66442346f748c901ef504742f78. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230652.

Affected products Warnungen 0 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Woocommerce ≫ Wooframework Branding SwPlatformwordpress Version <= 1.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.183

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cna@vuldb.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cna@vuldb.com	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://github.com/wp-plugins/wooframework-branding/commit/f12fccd7b5eaf66442346f748c901ef504742f78

Patch

https://vuldb.com/?ctiid.230652

Third Party Advisory

Permissions Required

https://vuldb.com/?id.230652

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-10112

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-10112

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-10112

EUVD