CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1849 – WP Customer Reviews < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection
https://notcve.org/view.php?id=CVE-2024-1849
The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL El complemento WP Customer Reviews de WordPress anterior a 3.7.1 no valida un parámetro que permite a los contribuyentes y usuarios superiores redirigir una página a una URL maliciosa The WP Customer Reviews plugin for WordPress is vulnerable to malicious redirects in all versions up to, and including, 3.7.0. This is due to the plugin not properly validating the Business Name field. This makes it possible for authenticated attackers, with contributor-level access and above, to inject malicious redirects. • https://wpscan.com/vulnerability/e6d9fe28-def6-4f25-9967-a77f91899bfe • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •