CVE-2021-25033

Exploit

EPSS 1.06%
Veröffentlicht 14.02.2022 12:15:15
Zuletzt bearbeitet 21.11.2024 05:54:13
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

WordPress Newsletter Plugin – Noptin < 1.6.5 - Open Redirect

The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue

Mögliche Gegenmaßnahme

Simple Newsletter Plugin – Noptin: Update to version 1.6.5, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Simple Newsletter Plugin – Noptin

Version [*, 1.6.5)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Noptin ≫ Noptin SwPlatformwordpress Version < 1.6.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.06%	0.77

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://plugins.trac.wordpress.org/changeset/2639592

Patch

Third Party Advisory

https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/c5372890-72d4-482d-a7f2-04a50520c4dc

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-25033

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-25033

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-25033

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-25033