Lucene search

PatchstackCVELIST:CVE-2023-38481

HistoryDec 19, 2023 - 8:00 p.m.

CVE-2023-38481 WordPress Integration for WooCommerce and Zoho CRM Plugin < 1.3.7 is vulnerable to Open Redirection

2023-12-1920:00:45

CWE-601

Patchstack

www.cve.org

wordpress

woocommerce

zoho crm

open redirection

vulnerability

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "woo-zoho",
    "product": "Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin",
    "vendor": "CRM Perks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.3.7",
            "status": "unaffected"
          }
        ],
        "lessThan": "1.3.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/woo-zoho/wordpress-integration-for-woocommerce-and-zoho-crm-plugin-1-3-7-open-redirection-vulnerability?_s_id=cve

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2023-38481