Lucene search
WPScanVULNRICHMENT:CVE-2024-1849HistoryApr 15, 2024 - 5:00 a.m.
CVE-2024-1849 WP Customer Reviews < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection
2024-04-1505:00:05
WPScan
github.com
1
cve-2024-1849
wp customer reviews
malicious redirect
http-equiv injection
validation bypass
contributor users
The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:aaron_queen:wp_customer_reviews:*:*:*:*:*:*:*:*"
],
"vendor": "aaron_queen",
"product": "wp_customer_reviews",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "3.7.1",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
wpvulndb
wpvulndb
WP Customer Reviews < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection
2024-03-25 00:00:00
nvd
nvd
CVE-2024-1849
2024-04-15 05:15:15
wpexploit
wpexploit
WP Customer Reviews < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection
2024-03-25 00:00:00
cvelist
cvelist
cve
cve
CVE-2024-1849
2024-04-15 05:15:15
wordfence
wordfence
AI Score
6.7
Confidence
High
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-1849