{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-4900","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2024-05-15T09:03:29.970Z","datePublished":"2024-06-24T06:00:01.863Z","dateUpdated":"2024-12-04T21:01:49.983Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2024-06-24T06:00:01.863Z"},"title":"SEOPress < 7.8 - Contributor+ Open Redirect","problemTypes":[{"descriptions":[{"description":"CWE-601 URL Redirection to Untrusted Site ('Open Redirect')","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"SEOPress ","versions":[{"status":"affected","versionType":"semver","version":"0","lessThan":"7.8"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The SEOPress  WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post"}],"references":[{"url":"https://wpscan.com/vulnerability/a56ad272-e2ed-4064-9b5d-114a834dd8b3/","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Dmitrii Ignatyev","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"CHANGED","version":"3.1","baseScore":6.1,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","integrityImpact":"LOW","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-07-02T20:24:50.611072Z","id":"CVE-2024-4900","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-04T21:01:49.983Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T20:55:10.269Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/a56ad272-e2ed-4064-9b5d-114a834dd8b3/","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]}]}}