4 matches found
CVE-2024-0337
The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can...
WordPress Travelpayouts Plugin <= 1.1.16 is vulnerable to Open Redirection
Software Travelpayouts Type Plugin Vulnerable versions = 1.1.16 Fixed in 1.1.17 OWASP Top 10 A1: Injection Classification Open Redirection CVE CVE-2024-0337 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 22ec7383525a Credits Krzysztof Zając CERT PL Required privilege...
CVE-2024-0337 Travelpayouts <= 1.1.15 - Open Redirect
The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can...
CVE-2024-0337
CVE-2024-0337 corresponds to an Open Redirect vulnerability in the Travelpayouts: All Travel Brands in One Place WordPress plugin. Connected data shows the issue arises from insufficient validation of the travelpayouts_redirect variable, enabling unauthenticated attackers to steer users to potent...