Vulnerability Name: | CVE-2014-8754 (CCN-98990) | ||||||||
Assigned: | 2014-11-26 | ||||||||
Published: | 2014-11-26 | ||||||||
Updated: | 2017-09-08 | ||||||||
Summary: | Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the out parameter. CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N) 4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:U/RC:UR)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: MITRE Type: CNA CVE-2014-8754 Source: MISC Type: UNKNOWN http://packetstormsecurity.com/files/129290/WordPress-Ad-Manager-1.1.2-Open-Redirect.html Source: CCN Type: Full Disclosure Mailing List, Wed, 26 Nov 2014 12:42:16 +0800 CVE-2014-8754 WordPress Ad-Manager Plugin Dest Redirect Privilege Escalation Source: FULLDISC Type: UNKNOWN 20141127 CVE-2014-8754 WordPress "Ad-Manager Plugin " Dest Redirect Privilege Escalation Source: MISC Type: UNKNOWN http://tetraph.com/security/cves/cve-2014-8754-wordpress-ad-manager-plugin-dest-redirect-privilege-escalation/ Source: CCN Type: BID-71320 WordPress Ad Manager Plugin 'track-click.php' Open Redirection Vulnerability Source: XF Type: UNKNOWN admanager-wp-cve20148754-open-redirect(98990) Source: XF Type: UNKNOWN admanager-wp-cve20148754-open-redirect(98990) Source: CCN Type: Packet Storm Security [11-27-2014] WordPress Ad-Manager 1.1.2 Open Redirect Source: CCN Type: WordPress Plugin Directory Ad Manager plugin for WordPress | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |