4 matches found
CVE-2024-1849 WP Customer Reviews < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection
The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL...
CVE-2024-1849 WP Customer Reviews < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection
The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL...
CVE-2024-1849
The CVE-2024-1849 entry concerns WP Customer Reviews for WordPress: versions prior to 3.7.1 expose an unvalidated parameter that allows contributors+ to redirect pages to a malicious URL. This is an Unvalidated Redirects and Forwards issue with a reported CVSS v3.1 base score of 5.4 (Medium). The...
WordPress WP Customer Reviews Plugin < 3.7.1 is vulnerable to Unvalidated Redirects and Forwards
Software WP Customer Reviews Type Plugin Vulnerable versions 3.7.1 Fixed in 3.7.1 OWASP Top 10 A3: Injection Classification Unvalidated Redirects and Forwards CVE CVE-2024-1849 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 694993a46a33 Credits Dmitrii Ignatyev Required...