CSRF Vulnerability in Clean Login Plugin for WordPress
CVE-2017-8875

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Clean Login
Vendor: CVE Published:; 10 May 2017

What is CVE-2017-8875?

The Clean Login plugin for WordPress, before version 1.8, contains a Cross-Site Request Forgery (CSRF) vulnerability. This flaw enables remote attackers to change the login redirect or logout redirect URLs through malicious requests. By exploiting this weakness, an attacker can redirect users to arbitrary URLs, potentially leading to further phishing or malicious activities.

References

https://wordpress.org/plugins/clean-login/#developers

x_refsource_MISC

http://seclists.org/fulldisclosure/2017/May/23

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2017
Vulnerability Reserved
May 9, 2017

CVE-2017-8875 Data

JSON

Wordpress

What is CVE-2017-8875?

References

CVSS V3.1

Timeline