{"api_version":"1","generated_at":"2026-05-13T19:41:22+00:00","cve":"CVE-2023-38481","urls":{"html":"https://cve.report/CVE-2023-38481","api":"https://cve.report/api/cve/CVE-2023-38481.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-38481","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-38481"},"summary":{"title":"WordPress Integration for WooCommerce and Zoho CRM Plugin < 1.3.7 is vulnerable to Open Redirection","description":"URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7.","state":"PUBLISHED","assigner":"Patchstack","published_at":"2023-12-19 20:15:07","updated_at":"2026-04-28 19:21:02"},"problem_types":["CWE-601","CWE-601 CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"audit@patchstack.com","type":"Secondary","score":"4.7","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"4.7","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.7,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://patchstack.com/database/vulnerability/woo-zoho/wordpress-integration-for-woocommerce-and-zoho-crm-plugin-1-3-7-open-redirection-vulnerability?_s_id=cve","name":"https://patchstack.com/database/vulnerability/woo-zoho/wordpress-integration-for-woocommerce-and-zoho-crm-plugin-1-3-7-open-redirection-vulnerability?_s_id=cve","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-38481","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38481","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"CRM Perks","product":"Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin","version":"affected n/a 1.3.7 custom","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Update to 1.3.7 or a higher version.","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Phd (Patchstack Alliance)","lang":"en"}],"nvd_cpes":[{"cve_year":"2023","cve_id":"38481","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"crmperks","cpe5":"integration_for_woocommerce_and_zoho_crm\\,_books\\,_invoice\\,_inventory\\,_bigin","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-02T17:39:13.625Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["vdb-entry","x_transferred"],"url":"https://patchstack.com/database/vulnerability/woo-zoho/wordpress-integration-for-woocommerce-and-zoho-crm-plugin-1-3-7-open-redirection-vulnerability?_s_id=cve"}],"title":"CVE Program Container"}],"cna":{"affected":[{"collectionURL":"https://wordpress.org/plugins","defaultStatus":"unaffected","packageName":"woo-zoho","product":"Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin","vendor":"CRM Perks","versions":[{"changes":[{"at":"1.3.7","status":"unaffected"}],"lessThan":"1.3.7","status":"affected","version":"n/a","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Phd (Patchstack Alliance)"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.<p>This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7.</p>"}],"value":"URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.7,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-601","description":"CWE-601 URL Redirection to Untrusted Site ('Open Redirect')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-28T16:08:34.255Z","orgId":"21595511-bba5-4825-b968-b78d1f9984a3","shortName":"Patchstack"},"references":[{"tags":["vdb-entry"],"url":"https://patchstack.com/database/vulnerability/woo-zoho/wordpress-integration-for-woocommerce-and-zoho-crm-plugin-1-3-7-open-redirection-vulnerability?_s_id=cve"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Update to 1.3.7 or a higher version."}],"value":"Update to 1.3.7 or a higher version."}],"source":{"discovery":"EXTERNAL"},"title":"WordPress Integration for WooCommerce and Zoho CRM Plugin < 1.3.7 is vulnerable to Open Redirection","x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"21595511-bba5-4825-b968-b78d1f9984a3","assignerShortName":"Patchstack","cveId":"CVE-2023-38481","datePublished":"2023-12-19T20:00:45.781Z","dateReserved":"2023-07-18T12:33:31.061Z","dateUpdated":"2026-04-28T16:08:34.255Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2023-12-19 20:15:07","lastModifiedDate":"2026-04-28 19:21:02","problem_types":["CWE-601","CWE-601 CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:crmperks:integration_for_woocommerce_and_zoho_crm\\,_books\\,_invoice\\,_inventory\\,_bigin:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.7","matchCriteriaId":"20ED1B82-0E8F-4FFE-9ABF-94DE51150101"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2023","CveId":"38481","Ordinal":"1","Title":"WordPress Integration for WooCommerce and Zoho CRM Plugin < 1.3.","CVE":"CVE-2023-38481","Year":"2023"},"notes":[{"CveYear":"2023","CveId":"38481","Ordinal":"1","NoteData":"URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7.","Type":"Description","Title":"WordPress Integration for WooCommerce and Zoho CRM Plugin < 1.3."}]}}}