CVE-2015-5461
Published 2015-07-08
Priority: P4 · 31 · medium · 6.4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 6.28% (92.7th percentile)
Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stageshow_project | stageshow | <= 5.08 | — |
No detection rules found.
Nuclei
WordPress StageShow <5.0.9 - Open Redirect
nuclei·CVSS 6.4
CVE-2015-5461 [MEDIUM] WordPress StageShow <5.0.9 - Open Redirect
WordPress StageShow plugin before 5.0.9 contains an open redirect vulnerability in the Redirect function in stageshow_redirect.php. A remote attacker can redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the url parameter.
Template:
```yaml
id: CVE-2015-5461

info:
  name: WordPress StageShow <5.0.9 - Open Redirect
  author: 0x_Akoko
  severity: medium
  description: WordPress StageShow plugin before 5.0.9 contains an open redirect vulnerability in the Redirect function in stageshow_redirect.php. A remote attacker can redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the url parameter.
  impact: |
    An attacker can trick users into visiting a malicious website, leading to potential phi
```
http://packetstormsecurity.com/files/132553/WordPress-StageShow-5.0.8-Open-Redirect.html
http://seclists.org/fulldisclosure/2015/Jul/27
http://www.securityfocus.com/bid/75552
https://plugins.trac.wordpress.org/changeset/1165310/
https://wordpress.org/plugins/stageshow/changelog/
https://wpvulndb.com/vulnerabilities/8073
Published: 2015-07-08