Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News
Sign In Sign Up

CVE-2024-0337

UNKNOWN
Published 2024-03-20T05:00:02.494Z
Actions:

CVSS Score

V3.1
6.1
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01
0.001
probability
of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25
Exploit Probability
Percentile: 0.272
Higher than 27.2% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED

Impact Metrics

Confidentiality
LOW
Integrity
LOW
Availability
NONE

Description

The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Available Exploits

Travelpayouts <= 1.1.16 - Open Redirect

The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

ID: CVE-2024-0337
Author: s4e-io Medium

References:

Related News

No news articles found for this CVE.

Affected Products

Unknown

Travelpayouts: All Travel Brands in One Place

Affected Versions:

0
travelpayouts

travelpayouts

Affected Versions:

0

WordPress Vulnerability

Identified and analyzed by Wordfence

Software Type

Plugin

Patch Status

Patched

Published

February 28, 2024

Software Details

Software Name

Travelpayouts: All Travel Brands in One Place

Software Slug

travelpayouts

Affected Versions

* - 1.1.16

Patched Versions

1.1.17

Remediation

Update to version 1.1.17, or a newer patched version

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/d9d19571-f0a1-4f15-a292-89b938c49afc?source=api-prod

© Defiant Inc. Data provided by Wordfence.

References

https://wpscan.com/vulnerability/2f17a274-8676-4f4e-989f-436030527890/
Published: 2024-03-20T05:00:02.494Z
Last Modified: 2024-08-01T18:18:19.215Z
Copied to clipboard!