← back
CVE-2021-25033

Noptin < 1.6.5 - Open Redirect

EPSS 2.7%CWE-601
The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue
Affected products
Unknown · WordPress Newsletter Plugin – Noptin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://plugins.trac.wordpress.org/changeset/2639592https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c