CVE-2023-0552
Published: 27 February 2023
Summary
CVE-2023-0552 is a medium-severity vulnerability, of an unspecified weakness type, in Genetechsolutions Pie Register. Its CVSS base score is 5.4 (Medium).
Operationally, it is ranked in the top 5.0% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
The Registration Forms WordPress plugin before version 3.8.2.3 contains an open redirect vulnerability stemming from insufficient validation of redirection URLs during login and logout operations. The affected component is the plugin's authentication flow, which accepts untrusted redirect parameters without proper sanitization or allow-list checks.
An attacker with low-privileged access can supply a crafted redirect URL that triggers the flaw when a user completes login or logout. Successful exploitation redirects the user to an arbitrary external site. The CVSS 5.4 rating reflects limited impact on confidentiality and integrity, a changed security scope, and the requirement for user interaction.
The referenced WPScan advisory identifies the issue in the plugin prior to 3.8.2.3 and indicates that updating to a fixed release addresses the improper redirect handling. The associated EPSS score has remained flat at 0.1638 with no material increase observed after disclosure.
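The allow-list check that the analysis above describes as missing can be sketched as follows. This is an added example, not Pie Register's code or its fix; the function name `safe_redirect_target`, the host `site.example` and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not the plugin's own code.
// Returns $target when it is a safe post-login/logout destination, else $fallback.
function safe_redirect_target(string $target, array $allowedHosts, string $fallback = '/'): string
{
    $target = trim($target);
    // Browsers treat "\" as "/" and drop tabs/newlines, so "/\evil.example"
    // would be followed as "//evil.example". Reject control bytes, spaces, backslashes.
    if ($target === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $target)) {
        return $fallback;
    }
    $parts = parse_url($target);
    if ($parts === false) {
        return $fallback; // unparseable input fails closed
    }
    // Local form: a single-slash absolute path with neither scheme nor host.
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        $isLocalPath = $target[0] === '/' && substr($target, 0, 2) !== '//';
        return $isLocalPath ? $target : $fallback;
    }
    // Absolute form: http(s) only, no userinfo, host must be on the allow-list.
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)
        || isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    return in_array($host, $allowedHosts, true) ? $target : $fallback;
}

// Constructed inputs; site.example stands in for the site's own host.
$allowed = ['site.example'];
$samples = [
    '/wp-admin/profile.php',
    'https://site.example/account',
    'https://other.example/login',
    '//other.example/login',
    '/\\other.example/login',
    'https://site.example@other.example/',
    'javascript:alert(1)',
];
foreach ($samples as $s) {
    printf("%-40s => %s\n", $s, safe_redirect_target($s, $allowed));
}
```

Inside WordPress, the core functions `wp_validate_redirect()` and `wp_safe_redirect()` provide this kind of host allow-list check and are the usual choice over a hand-written validator.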
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-12597
Vulnerability details
The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.