CVE-2021-25033

Опубликовано: 14 фев. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue

Ссылки

https://plugins.trac.wordpress.org/changeset/2639592
Patch
Third Party Advisory
https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c
Exploit
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2639592
Patch
Third Party Advisory
https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:noptin:noptin:*:*:*:*:*:wordpress:*:*

Версия до 1.6.5 (исключая)

EPSS

Процентиль: 77%

0.01059

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-gxrq-7hvq-53q3

github

почти 4 года назад