Open Redirect Vulnerability in Feed Statistics Plugin for WordPress
CVE-2018-17074

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Feed Statistics
Vendor
CVE Published:
16 September 2018

What is CVE-2018-17074?

The Feed Statistics plugin for WordPress, prior to version 4.0, contains an Open Redirect vulnerability that allows attackers to manipulate the 'feed-stats-url' parameter. This can potentially redirect users to malicious sites, putting their data and the integrity of the website at risk. Website administrators and users should upgrade to version 4.0 or later to mitigate this security issue. Regular updates and security audits are crucial for maintaining the overall safety and reliability of WordPress sites.

References

https://wordpress.org/plugins/wordpress-feed-statistics/#...
x_refsource_MISC
https://hackerone.com/reports/22142
x_refsource_MISC
https://plugins.trac.wordpress.org/browser/wordpress-feed...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.