Wpvulndb WPVDB-ID:48742138-3E60-4DCA-9851-A374D5363EDF
Apr 11, 2024 - 12:00 a.m.

App Builder < 3.8.8 - Open Redirection

2024-04-11 00:00:00
wpscan.com
open redirection
app builder
wordpress
vulnerability

CVSS3: 4.7 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

AI Score: 6.5 Medium (Confidence: Low)

EPSS: 0.001 Low (Percentile: 25.9%)

Description

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.8.7. This is due to insufficient validation of the redirect URL supplied via the ‘url’ parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

CPE | Name | Operator | Version
 | | eq | 3.8.8
