WordPress Plugin Vulnerabilities

StageShow <= 5.0.8 - Open Redirect

Description

The StageShow WordPress plugin was affected by an Open Redirect security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
stageshow
Fixed in 5.0.9

References

CVE
CVE-2015-5461
URL
https://packetstormsecurity.com/files/#132553/
URL
https://seclists.org/fulldisclosure/2015/Jul/27
URL
https://plugins.trac.wordpress.org/changeset/1165310

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
afc0d5b5-280f-424f-bc3e-d04452e56e16

Timeline

Publicly Published
2015-07-05 (about 10 years ago)
Added
2015-07-05 (about 10 years ago)
Last Updated
2019-10-22 (about 6 years ago)

Other

Published
Title
Published
2020-08-12
Title
Ultimate Member < 2.1.7 - Unauthenticated Open Redirect
Published
2025-04-17
Title
Sassy Social Share < 3.3.74 - Open Redirect
Published
2018-12-01
Title
Ninja Forms <= 3.3.19 - Authenticated Open Redirect
Published
2023-01-06
Title
miniOrange WordPress SAML SSO Premium < 12.1.0 - Open Redirect in SSO login
Published
2026-01-31
Title
Conditional CAPTCHA <= 4.0.0 - Open Redirect