Lucene search

WpvulndbWPVDB-ID:2EDA8640-6669-482D-8AD3-785129784CEB

HistoryMay 01, 2024 - 12:00 a.m.

Video Conferencing with Zoom < 4.4.5 - Open Redirect

2024-05-0100:00:00

wpscan.com

video conferencing

zoom

open redirect

vulnerable

wordpress

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.1%

JSON

Description The Video Conferencing with Zoom plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.4.4. This is due to insufficient validation on a redirect url. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

CPENameOperatorVersion
eq4.4.5

CPE	Name	Operator	Version
		eq	4.4.5

References

www.wordfence.com/threat-intel/vulnerabilities/id/14da4735-894e-408a-864b-cdc76feacde9

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.1%

JSON

Related for WPVDB-ID:2EDA8640-6669-482D-8AD3-785129784CEB