CVE-2021-25033

Sažetak

The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue

Reference

https://plugins.trac.wordpress.org/changeset/2639592
https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

23-02-2022 - 15:01

Objavljeno

14-02-2022 - 12:15