Academy LMS < 2.0.11 – Open Redirect | CVE 2024-37234

Affects Plugins

academy

Fixed in 2.0.11

References

CVE

CVE-2024-37234

URL

https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-2-0-2-open-redirection-vulnerability

Classification

Type

REDIRECT

OWASP top 10

A1: Injection

CWE

CWE-601

CVSS

4.7 (medium)

Miscellaneous

Original Researcher

Mochamad Sofyan

Verified

No

WPVDB ID

6c200a5e-1b1d-4090-b094-b425b08f0c9b

Timeline

Publicly Published

2024-06-21 (about 1 year ago)

Added

2024-07-02 (about 1 year ago)

Last Updated

2024-09-03 (about 1 year ago)

Other

Published

Title

Published

2022-10-17

Title

WP < 6.0.3 - Open Redirect via wp_nonce_ays

Published

2022-03-29

Title

English WordPress Admin < 1.5.2 - Unauthenticated Open Redirect

Published

2022-01-17

Title

Noptin < 1.6.5 - Open Redirect

Published

2023-01-06

Title

miniOrange WordPress SAML SSO Premium < 12.1.0 - Open Redirect in SSO login

Published

2017-05-16

Title

WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation