Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-39694

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-31 Jul, 2024 | 15:44
Updated At-31 Jul, 2024 | 16:51
Rejected At-
Credits

Duende IdentityServer Open Redirect vulnerability

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it to a third-party, untrusted site. Note: by itself, this vulnerability does **not** allow an attacker to obtain user credentials, authorization codes, access tokens, refresh tokens, or identity tokens. An attacker could however exploit this vulnerability as part of a phishing attack designed to steal user credentials. This vulnerability is fixed in 7.0.6, 6.3.10, 6.2.5, 6.1.8, and 6.0.5. Duende.IdentityServer 5.1 and earlier and all versions of IdentityServer4 are no longer supported and will not be receiving updates. If upgrading is not possible, use `IUrlHelper.IsLocalUrl` from ASP.NET Core to validate return Urls in user interface code in the IdentityServer host.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:31 Jul, 2024 | 15:44
Updated At:31 Jul, 2024 | 16:51
Rejected At:
▼CVE Numbering Authority (CNA)
Duende IdentityServer Open Redirect vulnerability

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it to a third-party, untrusted site. Note: by itself, this vulnerability does **not** allow an attacker to obtain user credentials, authorization codes, access tokens, refresh tokens, or identity tokens. An attacker could however exploit this vulnerability as part of a phishing attack designed to steal user credentials. This vulnerability is fixed in 7.0.6, 6.3.10, 6.2.5, 6.1.8, and 6.0.5. Duende.IdentityServer 5.1 and earlier and all versions of IdentityServer4 are no longer supported and will not be receiving updates. If upgrading is not possible, use `IUrlHelper.IsLocalUrl` from ASP.NET Core to validate return Urls in user interface code in the IdentityServer host.

Affected Products
Vendor
DuendeSoftware
Product
IdentityServer
Versions
Affected
  • < 6.0.5
  • >= 6.1.0-preview.1, <= 6.1.7
  • >= 6.2.0-preview.1, <= 6.2.4
  • >= 6.3.0-preview.1, <= 6.3.9
  • >= 7.0.0-preview.1, <= 7.0.5
Problem Types
TypeCWE IDDescription
CWECWE-601CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Type: CWE
CWE ID: CWE-601
Description: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Metrics
VersionBase scoreBase severityVector
3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/DuendeSoftware/IdentityServer/security/advisories/GHSA-ff4q-64jc-gx98
x_refsource_CONFIRM
https://github.com/DuendeSoftware/IdentityServer/commit/269ca2171fe1e901c87f2f0797bbc7c230db87c6
x_refsource_MISC
https://github.com/DuendeSoftware/IdentityServer/commit/765116a2d4fb0671b6eba015e698533900c61c8e
x_refsource_MISC
https://github.com/DuendeSoftware/IdentityServer/commit/d0d8eab35ad9183b14925496803ed8b36658d0a1
x_refsource_MISC
https://github.com/DuendeSoftware/IdentityServer/commit/f04cf0be859b93f43563f8f812eb92206ad94011
x_refsource_MISC
https://github.com/DuendeSoftware/IdentityServer/commit/fe817b499933d6ed6141b153492d7335c28b184a
x_refsource_MISC
Hyperlink: https://github.com/DuendeSoftware/IdentityServer/security/advisories/GHSA-ff4q-64jc-gx98
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/DuendeSoftware/IdentityServer/commit/269ca2171fe1e901c87f2f0797bbc7c230db87c6
Resource:
x_refsource_MISC
Hyperlink: https://github.com/DuendeSoftware/IdentityServer/commit/765116a2d4fb0671b6eba015e698533900c61c8e
Resource:
x_refsource_MISC
Hyperlink: https://github.com/DuendeSoftware/IdentityServer/commit/d0d8eab35ad9183b14925496803ed8b36658d0a1
Resource:
x_refsource_MISC
Hyperlink: https://github.com/DuendeSoftware/IdentityServer/commit/f04cf0be859b93f43563f8f812eb92206ad94011
Resource:
x_refsource_MISC
Hyperlink: https://github.com/DuendeSoftware/IdentityServer/commit/fe817b499933d6ed6141b153492d7335c28b184a
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:31 Jul, 2024 | 16:15
Updated At:31 Jul, 2024 | 16:15

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it to a third-party, untrusted site. Note: by itself, this vulnerability does **not** allow an attacker to obtain user credentials, authorization codes, access tokens, refresh tokens, or identity tokens. An attacker could however exploit this vulnerability as part of a phishing attack designed to steal user credentials. This vulnerability is fixed in 7.0.6, 6.3.10, 6.2.5, 6.1.8, and 6.0.5. Duende.IdentityServer 5.1 and earlier and all versions of IdentityServer4 are no longer supported and will not be receiving updates. If upgrading is not possible, use `IUrlHelper.IsLocalUrl` from ASP.NET Core to validate return Urls in user interface code in the IdentityServer host.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-601Secondarysecurity-advisories@github.com
CWE ID: CWE-601
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/DuendeSoftware/IdentityServer/commit/269ca2171fe1e901c87f2f0797bbc7c230db87c6security-advisories@github.com
N/A
https://github.com/DuendeSoftware/IdentityServer/commit/765116a2d4fb0671b6eba015e698533900c61c8esecurity-advisories@github.com
N/A
https://github.com/DuendeSoftware/IdentityServer/commit/d0d8eab35ad9183b14925496803ed8b36658d0a1security-advisories@github.com
N/A
https://github.com/DuendeSoftware/IdentityServer/commit/f04cf0be859b93f43563f8f812eb92206ad94011security-advisories@github.com
N/A
https://github.com/DuendeSoftware/IdentityServer/commit/fe817b499933d6ed6141b153492d7335c28b184asecurity-advisories@github.com
N/A
https://github.com/DuendeSoftware/IdentityServer/security/advisories/GHSA-ff4q-64jc-gx98security-advisories@github.com
N/A
Hyperlink: https://github.com/DuendeSoftware/IdentityServer/commit/269ca2171fe1e901c87f2f0797bbc7c230db87c6
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/DuendeSoftware/IdentityServer/commit/765116a2d4fb0671b6eba015e698533900c61c8e
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/DuendeSoftware/IdentityServer/commit/d0d8eab35ad9183b14925496803ed8b36658d0a1
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/DuendeSoftware/IdentityServer/commit/f04cf0be859b93f43563f8f812eb92206ad94011
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/DuendeSoftware/IdentityServer/commit/fe817b499933d6ed6141b153492d7335c28b184a
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/DuendeSoftware/IdentityServer/security/advisories/GHSA-ff4q-64jc-gx98
Source: security-advisories@github.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

72Records found
CVE-2025-30859
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.02% / 4.76%
||
7 Day CHG-0.03%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AliNext plugin <= 3.5.1 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ali2woo AliNext allows Phishing. This issue affects AliNext: from n/a through 3.5.1.

Action-Not Available
Vendor-ali2woo
Product-AliNext
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-28896
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 12.44%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AS English Admin plugin <= 1.0.0 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin allows Phishing. This issue affects AS English Admin: from n/a through 1.0.0.

Action-Not Available
Vendor-Akshar Soft Solutions
Product-AS English Admin
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-24740
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 13.85%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 14:22
Updated-12 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.7.1.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-LearnPress
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-24741
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 13.85%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 14:22
Updated-12 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress KB Support plugin <= 1.6.7 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7.

Action-Not Available
Vendor-logonKB Support
Product-kb_supportKB Support
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-9266
Matching Score-4
Assigner-HeroDevs
ShareView Details
Matching Score-4
Assigner-HeroDevs
CVSS Score-4.7||MEDIUM
EPSS-0.03% / 6.78%
||
7 Day CHG~0.00%
Published-03 Oct, 2024 | 18:56
Updated-04 Oct, 2024 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.

Action-Not Available
Vendor-Express (OpenJS Foundation)
Product-expressexpress
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-7211
Matching Score-4
Assigner-1E Limited
ShareView Details
Matching Score-4
Assigner-1E Limited
CVSS Score-4.7||MEDIUM
EPSS-0.09% / 25.86%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 16:49
Updated-18 Jun, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.

Action-Not Available
Vendor-1E Ltd
Product-platform1E Platform
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-54255
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.07% / 23.19%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:32
Updated-09 Dec, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Login Widget With Shortcode plugin <= 6.1.2 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in aviplugins.com Login Widget With Shortcode allows Phishing.This issue affects Login Widget With Shortcode: from n/a through 6.1.2.

Action-Not Available
Vendor-aviplugins.com
Product-Login Widget With Shortcode
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-50463
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.08% / 24.03%
||
7 Day CHG+0.01%
Published-28 Oct, 2024 | 12:33
Updated-29 Oct, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sunshine Photo Cart plugin <= 3.2.9 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.2.9.

Action-Not Available
Vendor-sunshinephotocartWP Sunshine
Product-sunshine_photo_cartSunshine Photo Cart
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-49682
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.07% / 22.55%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 11:36
Updated-31 Mar, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Membership plugin <= 4.5.3 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership allows Phishing.This issue affects Simple Membership: from n/a through 4.5.3.

Action-Not Available
Vendor-simple-membership-pluginsmp7, wp.insider
Product-simple_membershipSimple Membership
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-47648
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.07% / 22.55%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 18:06
Updated-14 Nov, 2024 | 01:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EventPrime plugin <= 4.0.4.5 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in EventPrime Events EventPrime.This issue affects EventPrime: from n/a through 4.0.4.5.

Action-Not Available
Vendor-theeventprimeEventPrime Events
Product-eventprimeEventPrime
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-47353
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.07% / 22.55%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 18:12
Updated-15 Oct, 2024 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ElementsReady Addons for Elementor plugin <= 6.4.2 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in QuomodoSoft ElementsReady Addons for Elementor.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2.

Action-Not Available
Vendor-QuomodoSoft
Product-ElementsReady Addons for Elementor
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-41215
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.7||MEDIUM
EPSS-0.14% / 34.00%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 13:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.

Action-Not Available
Vendor-SAP SE
Product-netweaver_application_server_abapSAP NetWeaver ABAP Server and ABAP Platform
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-33930
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.21% / 43.84%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 11:00
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Share This Image plugin <= 1.97 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ILLID Share This Image.This issue affects Share This Image: from n/a through 1.97.

Action-Not Available
Vendor-ILLID
Product-Share This Image
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-33584
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.24% / 46.81%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 07:39
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video Conferencing with Zoom plugin <= 4.4.4 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Deepen Bajracharya Video Conferencing with Zoom.This issue affects Video Conferencing with Zoom: from n/a through 4.4.4.

Action-Not Available
Vendor-Deepen Bajracharya
Product-Video Conferencing with Zoom
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-32129
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.24% / 46.81%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 10:32
Updated-02 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Freshdesk (official) plugin <= 2.3.6 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Freshworks Freshdesk (official).This issue affects Freshdesk (official): from n/a through 2.3.6.

Action-Not Available
Vendor-Freshworks
Product-Freshdesk (official)
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-31253
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.24% / 47.60%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 15:27
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP OAuth Server (OAuth Authentication) plugin <= 4.3.3 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3.

Action-Not Available
Vendor-WP OAuth Server
Product-OAuth Server
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-31282
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.16% / 37.01%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 15:25
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress App Builder plugin <= 3.8.7 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder.This issue affects App Builder: from n/a through 3.8.7.

Action-Not Available
Vendor-Appcheap.io
Product-App Builder
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-47646
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.10% / 28.06%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 12:53
Updated-07 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Payflex Payment Gateway plugin <= 2.6.1 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payflex Payflex Payment Gateway.This issue affects Payflex Payment Gateway: from n/a through 2.6.1.

Action-Not Available
Vendor-Payflex
Product-Payflex Payment Gateway
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-47354
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.10% / 28.06%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 18:09
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Membership After Login Redirection plugin <= 1.6 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership After Login Redirection.This issue affects Simple Membership After Login Redirection: from n/a through 1.6.

Action-Not Available
Vendor-smp7, wp.insider
Product-Simple Membership After Login Redirection
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-43236
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 29.47%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 17:05
Updated-03 Sep, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy PayPal & Stripe Buy Now Button plugin <= 1.9 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Easy PayPal Buy Now Button.This issue affects Easy PayPal Buy Now Button: from n/a through 1.9.

Action-Not Available
Vendor-Scott Paterson
Product-Easy PayPal Buy Now Button
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-43280
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.08% / 24.03%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 17:45
Updated-11 Apr, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Salon Booking System plugin <= 10.8.1 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.8.1.

Action-Not Available
Vendor-salonbookingsystemSalon Booking System
Product-salon_booking_systemSalon booking system
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-24808
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.7||MEDIUM
EPSS-1.39% / 79.62%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 03:17
Updated-09 May, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pyLoad open redirect vulnerability due to improper validation of the is_safe_url function

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.

Action-Not Available
Vendor-pyloadpyload
Product-pyloadpyload
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
  • Previous
  • 1
  • 2
  • Next
Details not found