Travelpayouts <= 1.1.16 - Open Redirect
ID: CVE-2024-0337
Severity: medium
Author: s4e-io
Tags: wpscan,cve,cve2024,wp,wp-plugin,wordpress,redirect,travelpayouts
Description
Section titled “Description”The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
YAML Source
Section titled “YAML Source”id: CVE-2024-0337
info: name: Travelpayouts <= 1.1.16 - Open Redirect author: s4e-io severity: medium description: | The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. reference: - https://wpscan.com/vulnerability/2f17a274-8676-4f4e-989f-436030527890/ - https://nvd.nist.gov/vuln/detail/CVE-2024-0337 classification: cve-id: CVE-2024-0337 epss-score: 0.00043 epss-percentile: 0.07895 metadata: verified: true max-request: 1 publicwww-query: inurl:"/wp-content/plugins/travelpayouts" tags: wpscan,cve,cve2024,wp,wp-plugin,wordpress,redirect,travelpayouts
http: - method: GET path: - "{{BaseURL}}/?travelpayouts_redirect=https://oast.me"
redirects: true max-redirects: 2 matchers: - type: regex part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me.*$'# digest: 4a0a0047304502200a3a8e667542574f9392fb2d08ee462e00de62c1a0926c4a5f794d3335c01199022100f473010895e2f7eabd43f12c2aa1ddf3fe345fb636b084b734bf2d058ea87a00:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-0337.yaml"