Lucene search

K
cve[email protected]CVE-2023-0552
HistoryFeb 27, 2023 - 4:15 p.m.

CVE-2023-0552

2023-02-2716:15:12
web.nvd.nist.gov
34
cve-2023
0552
registration forms
wordpress
plugin
open redirect
vulnerability

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

39.4%

The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability

Affected configurations

Vulners
NVD
Node
easyregistrationformseasy_registration_formsRange3.8.1.43.8.2.3
VendorProductVersionCPE
easyregistrationformseasy_registration_forms*cpe:2.3:a:easyregistrationforms:easy_registration_forms:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Registration Forms",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "3.8.1.4",
        "lessThan": "3.8.2.3"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

39.4%