Vulnerability Details : CVE-2023-3139
Potential exploit
The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.
Vulnerability category: Open redirect
Products affected by CVE-2023-3139
- cpe:2.3:a:wp-experts:protect_wp_admin:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-3139
- 0.09%: Probability of exploitation activity in the next 30 days
- ~ 41 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-3139
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
CWE ids for CVE-2023-3139
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: contact@wpscan.com (Secondary)
- The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. Assigned by: contact@wpscan.com (Primary)
- The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. Assigned by: nvd@nist.gov (Secondary)
References for CVE-2023-3139
- https://wpscan.com/vulnerability/f8a29aee-19cd-4e62-b829-afc9107f69bd (Exploit; Patch; Third Party Advisory)
- https://magos-securitas.com/txt/CVE-2023-3139.txt (Third Party Advisory)