文豆 & 文库

白帽子计算机安全:

CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation Security Vulnerability

 

 

Exploit Title: WordPress Ad-Manager Plugin Dest Redirect Privilege Escalation Security Vulnerability

Product: WordPress Ad-Manager Plugin

Vendor: CodeCanyon

Vulnerable Versions: 1.1.2

Tested Version: 1.1.2

Advisory Publication: Nov 25, 2014

Latest Update: Nov 25, 2014

Vulnerability Type: URL Redirection to Untrusted Site  [CWE-601]

CVE Reference: CVE-2014-8754

CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)

Impact Subscore: 4.9

Exploitability Subscore: 8.6

Credit: Wang Jing [SPMS, Nanyang Technological University (NTU), Singapore]



http://vulnerabilitypost.wordpress.com/2014/12/04/cve-2014-8754-wordpress-ad-manager-plugin-dest-redirect-privilege-escalation/



评论

热度(23)