Vulnerability Details CVE-2018-17074
The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.8
References
- https://hackerone.com/reports/22142
- https://plugins.trac.wordpress.org/browser/wordpress-feed-statistics/trunk/feed-statistics.php?rev=960868
- https://wordpress.org/plugins/wordpress-feed-statistics/#developers
- https://wpvulndb.com/vulnerabilities/7543
- https://hackerone.com/reports/22142
- https://plugins.trac.wordpress.org/browser/wordpress-feed-statistics/trunk/feed-statistics.php?rev=960868
- https://wordpress.org/plugins/wordpress-feed-statistics/#developers
- https://wpvulndb.com/vulnerabilities/7543
Products affected by CVE-2018-17074
-
cpe:2.3:a:feed_statistics_project:feed_statistics:1.3.2
-
cpe:2.3:a:feed_statistics_project:feed_statistics:1.4
-
cpe:2.3:a:feed_statistics_project:feed_statistics:1.4.1
-
cpe:2.3:a:feed_statistics_project:feed_statistics:1.4.2
-
cpe:2.3:a:feed_statistics_project:feed_statistics:1.4.3
-
cpe:2.3:a:feed_statistics_project:feed_statistics:1.5
-
cpe:2.3:a:feed_statistics_project:feed_statistics:2.0
-
cpe:2.3:a:feed_statistics_project:feed_statistics:3.0