nuclei-templates/http/cves/2024/CVE-2024-0337.yaml

id: CVE-2024-0337

info:
  name: Travelpayouts <= 1.1.16 - Open Redirect
  author: Kazgangap
  severity: medium
  description: |
    The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
  reference:
    - https://wpscan.com/vulnerability/2f17a274-8676-4f4e-989f-436030527890/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-0337
  classification:
    cve-id: CVE-2024-0337
    epss-score: 0.00043
    epss-percentile: 0.07895
  metadata:
    verified: true
    max-request: 1
    publicwww-query: inurl:"/wp-content/plugins/travelpayouts"
  tags: wpscan,cve,cve2024,wp,wp-plugin,wordpress,redirect,travelpayouts

http:
  - method: GET
    path:
      - "{{BaseURL}}/?travelpayouts_redirect=https://oast.me"

    redirects: true
    max-redirects: 2
    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me.*$'
# digest: 4a0a00473045022100b62074d8f68fb2cd5bca314322a65516a6df198a8b84351098fe13babf2af5680220740b91fd3dc325e68c28496b76f1c373dc916628237e0245cf337f693ca65fb9:922c64590222798bb761d5b6d8e72950
add cve-2024-0337 open redirect 2024-04-10 21:29:59 +00:00			`id: CVE-2024-0337`
updated info, added redirect 2024-04-11 04:56:40 +00:00
add cve-2024-0337 open redirect 2024-04-10 21:29:59 +00:00			`info:`
			`name: Travelpayouts <= 1.1.16 - Open Redirect`
			`author: Kazgangap`
			`severity: medium`
			`description: \|`
			`The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.`
			`reference:`
			`- https://wpscan.com/vulnerability/2f17a274-8676-4f4e-989f-436030527890/`
updated info, added redirect 2024-04-11 04:56:40 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2024-0337`
add cve-2024-0337 open redirect 2024-04-10 21:29:59 +00:00			`classification:`
updated info, added redirect 2024-04-11 04:56:40 +00:00			`cve-id: CVE-2024-0337`
add cve-2024-0337 open redirect 2024-04-10 21:29:59 +00:00			`epss-score: 0.00043`
			`epss-percentile: 0.07895`
updated info, added redirect 2024-04-11 04:56:40 +00:00			`metadata:`
			`verified: true`
			`max-request: 1`
			`publicwww-query: inurl:"/wp-content/plugins/travelpayouts"`
product/queries updated 2024-05-31 19:23:20 +00:00			`tags: wpscan,cve,cve2024,wp,wp-plugin,wordpress,redirect,travelpayouts`
add cve-2024-0337 open redirect 2024-04-10 21:29:59 +00:00
			`http:`
			`- method: GET`
			`path:`
updated info, added redirect 2024-04-11 04:56:40 +00:00			`- "{{BaseURL}}/?travelpayouts_redirect=https://oast.me"`
add cve-2024-0337 open redirect 2024-04-10 21:29:59 +00:00
updated info, added redirect 2024-04-11 04:56:40 +00:00			`redirects: true`
			`max-redirects: 2`
add cve-2024-0337 open redirect 2024-04-10 21:29:59 +00:00			`matchers:`
			`- type: regex`
			`part: header`
			`regex:`
updated info, added redirect 2024-04-11 04:56:40 +00:00			`- '(?m)^(?:Location\s?:\s?)(?:https?://\|//)?(?:[a-zA-Z0-9\-_\.@])oast\.me.$'`
Auto Template Signing [Thu Apr 11 06:48:49 UTC 2024] :robot: 2024-04-11 06:48:49 +00:00			`# digest: 4a0a00473045022100b62074d8f68fb2cd5bca314322a65516a6df198a8b84351098fe13babf2af5680220740b91fd3dc325e68c28496b76f1c373dc916628237e0245cf337f693ca65fb9:922c64590222798bb761d5b6d8e72950`