CVE-2023-34020 : URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.

Published 2024-03-27 13:24:44

Updated 2024-03-27 15:49:41

Source Patchstack

View at NVD, CVE.org

Vulnerability category: Open redirect

Products affected by CVE-2023-34020

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-34020

EPSS FAQ

1.91%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-34020

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.7	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N	2.8	1.4	Patchstack	2024-03-27
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2023-34020

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Assigned by: audit@patchstack.com (Primary)

References for CVE-2023-34020

https://patchstack.com/database/vulnerability/uncanny-learndash-toolkit/wordpress-uncanny-toolkit-for-learndash-plugin-3-6-4-3-open-redirection-vulnerability?_s_id=cve

WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Open Redirection vulnerability - Patchstack

Jump to

Vulnerability Details : CVE-2023-34020

Products affected by CVE-2023-34020

Exploit prediction scoring system (EPSS) score for CVE-2023-34020

CVSS scores for CVE-2023-34020

CWE ids for CVE-2023-34020

References for CVE-2023-34020