SEOPress < 7.8 – Contributor+ Open Redirect | CVE 2024-4900 | Plugin Vulnerabilities

Description

The plugin does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post

Proof of Concept

As a contributor, create a new Post, at the bottom of the page put the following payload in the Social > Facebook Title field and save: 0;https://wpscan.com/" HTTP-EQUIV="refresh" a="a

Amy user (pre)viewing the post will be redirected to https://wpscan.com

Affects Plugins

Fixed in 7.8

References

CVE

URL

https://research.cleantalk.org/cve-2024-4900/

Classification

Type

REDIRECT

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/

Verified

Yes

WPVDB ID

a56ad272-e2ed-4064-9b5d-114a834dd8b3

Timeline

Publicly Published

2024-06-03 (about 1 year ago)

Added

2024-06-03 (about 1 year ago)

Last Updated

2024-06-03 (about 1 year ago)

Other

Published

Title

Published

2019-09-05

Title

WordPress 5.2.2 - Potential Open Redirect

Published

2024-06-05

Title

Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect

Published

2014-08-01

Title

Password Protected 1.4 - Login Process redirect_to Parameter Arbitrary Site Redirect

Published

2025-05-07

Title

Integration for WooCommerce and Salesforce < 1.7.6 - Open Redirect

Published

2021-08-25

Title

Nested Pages < 3.1.16 - Open Redirect