WordPress Newsletter Plug-in URL Redirection (Open Redirect) Security Vulnerabilities

Exploit Title: WordPress Newsletter Plug-in /do.php &nr parameter URL Redirection Security Vulnerabilities

Product: WordPress Newsletter Plug-in

Vendor: Satollo.net

Vulnerable Versions: 2.6.*, 2.5.*

Tested Version: Check Related Versions’ Source Code

Advisory Publication: March 04, 2015

Latest Update: March 04, 2015

Vulnerability Type: URL Redirection to Untrusted Site (‘Open Redirect’) [CWE-601]

CVE Reference: *

Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Advisory Details:

(1) Vendor & Product Description:

Vendor:

Satollo.net

Product & Version:

WordPress Newsletter Plug-in

Version 2.6.4.4

Version 2.6.4.3

Version 2.6.4.2

Version 2.6.4.1

Version 2.6.4

Version 2.6.3

Version 2.5.3.3

Version 2.5.3.2

Version 2.5.3.1

Version 2.5.3

Version 2.5.2.3

Version 2.5.2.2

Version 2.5.2.1

Version 2.5.2

Version 2.5.1.5

Version 2.5.1.4

Version 2.5.1.3

Version 2.5.1.2

Version 2.5.1.1

Version 2.5.1

Version 2.5.0.1

Version 2.5.0

Vendor URL & Download:

The WordPress Newsletter Plug-in application and source code can be downloaded from:

http://www.satollo.net/downloads

https://wordpress.org/plugins/newsletter/

https://github.com/WordPress-Plugins-Themes/newsletter

Product Introduction:
