CVE-2021-24406
wpForo Forum < 1.9.7 - Open Redirect
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS —EPSS 3.4%KEV nãoPoC —Nuclei simMetasploit —Patch —
Ciclo de vida
06 jul 2021Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands)
Productos afectados
gVectors Team · wpForo Forum¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →