Vulnerability Details : CVE-2015-5461
Potential exploit
Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
Vulnerability category: Open redirect
Products affected by CVE-2015-5461
- cpe:2.3:a:stageshow_project:stageshow:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5461
19.61%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-5461
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
10.0
|
4.9
|
NIST |
References for CVE-2015-5461
-
https://wpvulndb.com/vulnerabilities/8073
StageShow <= 5.0.8 - Open Redirect
-
http://seclists.org/fulldisclosure/2015/Jul/27
Full Disclosure: Open redirect vulnerability in StageShow Wordpress plugin v5.0.8Exploit
-
http://www.securityfocus.com/bid/75552
WordPress StageShow Plugin 'stageshow_redirect.php' Open Redirection Vulnerability
-
https://plugins.trac.wordpress.org/changeset/1165310/
Changeset 1165310 – WordPress Plugin Repository
-
http://packetstormsecurity.com/files/132553/WordPress-StageShow-5.0.8-Open-Redirect.html
WordPress StageShow 5.0.8 Open Redirect ≈ Packet StormExploit
-
https://wordpress.org/plugins/stageshow/changelog/
StageShow – WordPress plugin | WordPress.orgPatch
Jump to