This vulnerability is in stageshow_redirect.php in the “Redirect” function. It allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks in the “url” parameter.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
simple:press | le | 5.0.8 |