Open Redirect Vulnerability in StageShow Plugin for WordPress
CVE-2015-5461

Currently unrated

Key Information:

Vendor

Wordpress
Status
Stageshow
Vendor
CVE Published:
8 July 2015

What is CVE-2015-5461?

The StageShow plugin for WordPress contains an Open Redirect vulnerability in the redirect function located in stageshow_redirect.php. This flaw allows remote attackers to manipulate URLs via the 'url' parameter, potentially redirecting unsuspecting users to malicious websites. This vulnerability can be exploited for phishing attacks, compromising user data and trust. Users are strongly advised to update to version 5.0.9 or later to mitigate this risk.

References

https://wordpress.org/plugins/stageshow/changelog/
x_refsource_CONFIRM
http://packetstormsecurity.com/files/132553/WordPress-Sta...
x_refsource_MISC
http://seclists.org/fulldisclosure/2015/Jul/27
mailing-listx_refsource_FULLDISC

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.