CVE-2024-0337
Travelpayouts <= 1.1.15 - Open Redirect
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
The Travelpayouts: All Travel Brands in One Place plugin for WordPress is vulnerable to Open Redirect in versions 0.0.0.0 to 1.1.16. This is due to insufficient validation on the redirect url supplied via the travelpayouts_redirect parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-01-09 CVE Reserved
- 2024-02-28 CVE Published
- 2024-08-01 CVE Updated
- 2024-08-01 First Exploit
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/2f17a274-8676-4f4e-989f-436030527890 | 2024-08-01 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Unknown Search vendor "Unknown" | Travelpayouts All Travel Brands In One Place Search vendor "Unknown" for product "Travelpayouts All Travel Brands In One Place" | <= 1.1.15 Search vendor "Unknown" for product "Travelpayouts All Travel Brands In One Place" and version " <= 1.1.15" | en |
Affected
| ||||||