From oss-security Thu Apr 23 16:32:30 2015
From: Jing Wang
Date: Thu, 23 Apr 2015 16:32:30 +0000
To: oss-security
Subject: [oss-security] WordPress Newsletter Plug-in URL Redirection Vulnerability - CVE Request
X-MARC-Message: https://marc.info/?l=oss-security&m=142983280729538

Hello,

Could you assign a CVE reference ID for the following vulnerability? Thank you very much.

http://seclists.org/fulldisclosure/2015/Mar/23
http://www.osvdb.org/show/osvdb/119170
http://packetstormsecurity.com/files/130647/wpnewsletter-openredirect.txt

=======

Exploit Title: The Newsletter Plugin for WordPress do.php nr Parameter Open Redirect

Product: WordPress Newsletter Plug-in

Vendor: Satollo.net

Vendor Link:
http://www.satollo.net/downloads
https://wordpress.org/plugins/newsletter/
https://github.com/WordPress-Plugins-Themes/newsletter

Vulnerable Versions:
Version 2.6.4.4
version 2.6.4.3
version 2.6.4.2
version 2.6.4.1
version 2.6.4
version 2.6.3
version 2.5.3.3
version 2.5.3.2
version 2.5.3.1
version 2.5.3
version 2.5.2.3
version 2.5.2.2
version 2.5.2.1
version 2.5.2
version 2.5.1.5
version 2.5.1.4
Version 2.5.1.3
Version 2.5.1.2
Version 2.5.1.1
Version 2.5.1
Version 2.5.0.1
Version 2.5.0

Tested Versions: Check All Related Versions' Source Code

=======

Best Regards,
Jing