CVE-2023-28786

2023-12-2910:15:08

CWE-601

[email protected]

web.nvd.nist.gov

cve-2023-28786

open redirect

solidwp solid security

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.0%

JSON

URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection.This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4.

Affected configurations

Nvd

Node

solidwpsolid_securityRange≤8.1.4wordpress

VendorProductVersionCPE
solidwpsolid_security*cpe:2.3:a:solidwp:solid_security:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
solidwp	solid_security	*	cpe:2.3:a:solidwp:solid_security::::::wordpress::*

References

patchstack.com/database/vulnerability/better-wp-security/wordpress-ithemes-security-plugin-8-1-4-open-redirection-via-host-header-vulnerability?_s_id=cve