CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10114 – WooSidebars Plugin class-woo-sidebars.php enable_custom_post_sidebars redirect
https://notcve.org/view.php?id=CVE-2015-10114
22 Apr 2015 — A vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress. Affected by this issue is the function enable_custom_post_sidebars of the file classes/class-woo-sidebars.php. The manipulation of the argument sendback leads to open redirect. The attack may be launched remotely. Upgrading to version 1.4.2 is able to address this issue. • https://github.com/wp-plugins/woosidebars/commit/1ac6d6ac26e185673f95fc1ccc56a392169ba601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10115 – WooSidebars Sidebar Manager Converter Plugin class-woosidebars-sbm-converter.php process_request redirect
https://notcve.org/view.php?id=CVE-2015-10115
22 Apr 2015 — A vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress. This affects the function process_request of the file classes/class-woosidebars-sbm-converter.php. The manipulation leads to open redirect. It is possible to initiate the attack remotely. Upgrading to version 1.1.2 is able to address this issue. • https://github.com/wp-plugins/woosidebars-sbm-converter/commit/a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •