| ID | CVE-2021-25102 | ||||||
| Sažetak | The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk | ||||||
| Reference | |||||||
| CVSS |
|
||||||
| Pristup |
|
||||||
| Impact |
|
||||||
| CVSS vektor | AV:N/AC:H/Au:N/C:N/I:P/A:N | ||||||
| Zadnje važnije ažuriranje | 10-05-2022 - 13:14 | ||||||
| Objavljeno | 02-05-2022 - 16:15 |
