ThreatPress

WordPress Vulnerabilities Database

Back

WordPress StageShow Plugin <= 5.0.8 - Open redirect

Product
Simple:Press
Description
This vulnerability is in stageshow_redirect.php in the "Redirect" function. It allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks in the "url" parameter.
Solution
Update the plugin.
Classification
Type Open Redirection
References
CVE Mitre
CVE
Name CVE-2015-5461
Versions
Affected In <= 5.0.8
Fixed In 5.0.9
Disclosure date
2015-07-08
Submitter
ThreatPress