CVE-2015-10114

Published: Jun 5, 2023Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress. Affected by this issue is the function enable_custom_post_sidebars of the file classes/class-woo-sidebars.php. The manipulation of the argument sendback leads to open redirect. The attack may be launched remotely. Upgrading to version 1.4.2 is able to address this issue. The patch is identified as 1ac6d6ac26e185673f95fc1ccc56a392169ba601. It is recommended to upgrade the affected component. VDB-230654 is the identifier assigned to this vulnerability.

Affected (1)

Products: Woocommerce: Woosidebars

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Woocommerce Woosidebars	Before 1.4.2

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (6)

https://github.com/wp-plugins/woosidebars/commit/1ac6d6ac26e185673f95fc1ccc56a392169ba601

Source: cna@vuldb.com

Patch

https://vuldb.com/?ctiid.230654

Source: cna@vuldb.com

Permissions Required

https://vuldb.com/?id.230654

Source: cna@vuldb.com

Permissions Required

https://github.com/wp-plugins/woosidebars/commit/1ac6d6ac26e185673f95fc1ccc56a392169ba601

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://vuldb.com/?ctiid.230654

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://vuldb.com/?id.230654

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.