CVE-2024-4900

CWE-601 — Open Redirect5 documents4 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 54.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Seopress Seopress Seopress

Timeline

PublishedJun 24

Description

The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5unknown/seopress< 7.8

▶NVDseopress/seopress< 7.8

🔴Vulnerability Details

CVEList

SEOPress < 7.8 - Contributor+ Open Redirect↗2024-06-24

▶

GHSA

GHSA-vjx7-hf5r-chv4: The SEOPress WordPress plugin before 7↗2024-06-24

▶

OSV

php7.4, php8.1, php8.2 vulnerabilities↗2024-05-02

▶

OSV

php7.0, php7.2, php7.4, php8.1 vulnerabilities↗2024-04-29

▶