Back

CVE-2024-3597

June 20, 2024, 12:43 p.m.

Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Export WP Page to Static HTML/CSS plugin for WordPress

  • up to 2.2.2

Source

security@wordfence.com

Tags

security@wordfence.com
2024-06-20
CVE-2024-3597

CVE-2024-3597 details

Published : June 20, 2024, 2:15 a.m.
Last Modified : June 20, 2024, 12:43 p.m.

Description

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rc_exported_zip_file parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

CVSS Score

1 2 3 4 5 6 7.1 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

Base Score

7.1

Exploitability Score

2.8

Impact Score

3.7

Base Severity

HIGH

Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

References

URL Source
https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/class-export-wp-page-to-static-html-admin.php#L1289 security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/598e2c2e-7dd5-435e-a366-6c7569243f2a?source=cve security@wordfence.com
This website uses the NVD API, but is not approved or certified by it.