CVE-2015-5461

NUCLEI

WordPress StageShow <5.0.9 - Open Redirect

Title source: llm

Description

Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.

Nuclei Templates (1)

WordPress StageShow <5.0.9 - Open Redirect

MEDIUMby 0x_Akoko

References (6)

[Exploit] http://packetstormsecurity.com/files/132553/WordPress-StageShow-5.0.8-Open-Redirect.html

[Exploit] http://seclists.org/fulldisclosure/2015/Jul/27

[Product] https://plugins.trac.wordpress.org/changeset/1165310/

[Patch] https://wordpress.org/plugins/stageshow/changelog/

[Third Party Advisory] https://wpvulndb.com/vulnerabilities/8073

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/75552

Scores

EPSS 0.1779

EPSS Percentile 95.1%

Details

Status published

Products (1)

stageshow_project/stageshow < 5.08

Published Jul 08, 2015

Tracked Since Feb 18, 2026