Description

WordPress Plugin WP Symposium is prone to an open redirect vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin WP Symposium version 13.04 is vulnerable; prior versions may also be affected.

Remediation

Update to the latest version

References

http://secunia.com/advisories/52925/

http://www.securityfocus.com/bid/59045/

Related Vulnerabilities

WordPress Plugin Advanced Page Manager Cross-Site Scripting (1.4.1)

WordPress Plugin Audit Trail Cross-Site Scripting (1.1.13)

WordPress Plugin Better Search Replace Cross-Site Request Forgery (1.3.2)

WordPress Plugin RentPress Cross-Site Scripting (6.6.4)

WordPress Plugin Custom Field Suite Cross-Site Scripting (2.5.14)

Severity

High

Classification

CVE-2013-2694 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Tags

Missing Update Url Redirection