← back
CVE-2021-25111

English WordPress Admin < 1.5.2 - Unauthenticated Open Redirect

EPSS 1.9%CWE-601
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 1.9%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
25 Apr 2022Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue
Affected products
Unknown · English WordPress Admin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/af548fab-96c2-4129-b609-e24aad0b1fc4