CVE-2023-38478

2023-12-1920:15:07

CWE-601

[email protected]

web.nvd.nist.gov

cve-2023-38478

url redirection

vulnerability

crm perks integration

woocommerce

quickbooks

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3.

Affected configurations

Vulners

NVD

Node

crm_perksintegration_for_woocommerce_and_quickbooksRange≤1.2.3

CPENameOperatorVersion
crmperks:integration_for_woocommerce_and_quickbookscrmperks integration for woocommerce and quickbooksle1.2.3

CPE	Name	Operator	Version
crmperks:integration_for_woocommerce_and_quickbooks	crmperks integration for woocommerce and quickbooks	le	1.2.3

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-woocommerce-quickbooks",
    "product": "Integration for WooCommerce and QuickBooks",
    "vendor": "CRM Perks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.2.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.2.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-woocommerce-quickbooks/wordpress-integration-for-woocommerce-and-quickbooks-plugin-1-2-3-open-redirection-vulnerability?_s_id=cve