Vulnerability Description
Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Stageshow Project | Stageshow | <= 5.08 |
References
- http://packetstormsecurity.com/files/132553/WordPress-StageShow-5.0.8-Open-RedirExploit
- http://seclists.org/fulldisclosure/2015/Jul/27Exploit
- http://www.securityfocus.com/bid/75552
- https://plugins.trac.wordpress.org/changeset/1165310/
- https://wordpress.org/plugins/stageshow/changelog/Patch
- https://wpvulndb.com/vulnerabilities/8073
- http://packetstormsecurity.com/files/132553/WordPress-StageShow-5.0.8-Open-RedirExploit
- http://seclists.org/fulldisclosure/2015/Jul/27Exploit
- http://www.securityfocus.com/bid/75552
- https://plugins.trac.wordpress.org/changeset/1165310/
- https://wordpress.org/plugins/stageshow/changelog/Patch
- https://wpvulndb.com/vulnerabilities/8073
FAQ
What is CVE-2015-5461?
CVE-2015-5461 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and c...
How severe is CVE-2015-5461?
CVE-2015-5461 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5461?
Check the references section above for vendor advisories and patch information. Affected products include: Stageshow Project Stageshow.