Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2023-0552
HistoryMar 31, 2023 - 11:28 a.m.

WordPress Pie Register <3.8.2.3 - Open Redirect

2023-03-3111:28:24
ProjectDiscovery
github.com
21
cve2023
redirect
pie-register
wpscan
genetechsolutions
wordpress
open redirect
vulnerability

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.0%

JSON
WordPress Pie Register plugin before 3.8.2.3 contains an open redirect vulnerability. The plugin does not properly validate the redirection URL when logging in and login out. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.

id: CVE-2023-0552

info:
  name: WordPress Pie Register <3.8.2.3 - Open Redirect
  author: r3Y3r53
  severity: medium
  description: |
    WordPress Pie Register plugin before 3.8.2.3 contains an open redirect vulnerability. The plugin does not properly validate the redirection URL when logging in and login out. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  remediation: |
    Fixed in version 3.8.2.3.
  reference:
    - https://wpscan.com/vulnerability/832c6155-a413-4641-849c-b98ba55e8551
    - https://nvd.nist.gov/vuln/detail/CVE-2023-0552
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 5.4
    cve-id: CVE-2023-0552
    cwe-id: CWE-601
    epss-score: 0.00092
    epss-percentile: 0.39168
    cpe: cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: genetechsolutions
    product: pie_register
    framework: wordpress
  tags: cve2023,cve,redirect,pie,pie-register,wpscan,genetechsolutions,wordpress

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-admin?piereg_logout_url=true&redirect_to=https://oast.me"

    redirects: true
    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)oast\.me.*$'
# digest: 490a0046304402203fe4df23c800718a8fc1b6aa75d17660ea5e3ecbf9bad91b33e15202a629463302202dcd39f417726bda05249f40f18a86b6a265cf0b14853256096d0893e8f786d9:922c64590222798bb761d5b6d8e72950

Related

nvd 1
prion 1
cvelist 1
cve 1
wpexploit 1
wpvulndb 1
wordfence 1
nvd
nvd
CVE-2023-0552
2023-02-27 16:15:12
prion
prion
Open redirect
2023-02-27 16:15:00
cvelist
cvelist
CVE-2023-0552 Pie Register < 3.8.2.3 - Open Redirect
2023-02-27 15:24:31
cve
cve
CVE-2023-0552
2023-02-27 16:15:12
wpexploit
wpexploit
Pie Register < 3.8.2.3 - Open Redirect
2023-02-06 00:00:00
wpvulndb
wpvulndb
Pie Register < 3.8.2.3 - Open Redirect
2023-02-06 00:00:00
wordfence
wordfence
Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)
2023-02-16 15:21:24

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.0%

JSON
Related for NUCLEI:CVE-2023-0552
nvd1prion1cvelist1cve1wpexploit1wpvulndb1wordfence1