CVE-2024-4900

{"id": "CVE-2024-4900", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-06-24T06:15:11.423", "references": [{"url": "https://wpscan.com/vulnerability/a56ad272-e2ed-4064-9b5d-114a834dd8b3/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/a56ad272-e2ed-4064-9b5d-114a834dd8b3/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post"}, {"lang": "es", "value": "El complemento SEOPress WordPress anterior a 7.8 no valida ni escapa a una de sus configuraciones de publicaci\u00f3n, lo que podr\u00eda permitir que el colaborador y el rol superior realicen ataques de redireccionamiento abierto contra cualquier usuario que vea una publicaci\u00f3n maliciosa."}], "lastModified": "2025-05-19T21:04:24.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:seopress:seopress:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "ACFBBA13-7770-41B8-8180-525328070799", "versionEndExcluding": "7.8"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}