WordPress Plugin Vulnerabilities

Simple Membership < 4.4.2 - Open Redirect

Description

The plugin is vulnerable to Open Redirect.
This is due to insufficient validation on the redirect url supplied via the swpm_page_url parameter, making it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Affects Plugins

Plugin icon
simple-membership
Fixed in 4.4.2

References

CVE
CVE-2024-22308
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/b0086de8-448f-452f-89d1-84b77b2e25a8

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Joshua Chan
Verified
No
WPVDB ID
99175b77-3db2-4cee-9a67-222a356d9751

Timeline

Publicly Published
2024-01-19 (about 2 years ago)
Added
2024-01-24 (about 2 years ago)
Last Updated
2024-01-24 (about 2 years ago)

Other

Published
Title
Published
2024-09-30
Title
EventPrime < 4.0.4.6 - Open Redirect
Published
2024-04-25
Title
Video Conferencing with Zoom < 4.4.5 - Open Redirect
Published
2021-12-27
Title
WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect
Published
2024-04-12
Title
Freshdesk (official) < 2.4.0 - Open Redirect
Published
2017-07-13
Title
Download Manager <= 2.9.50 - Open Redirect