| Rule General Information | |
|---|---|
| Release Date: | 2022-11-28 |
| Rule Name: | Noptin 1.6.5 Open Redirect Vulnerability (CVE-2021-25033) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | The WordPress Newsletter Plugin (Noptin) before 1.6.5 does not validate the `to` parameter before redirecting the user to its given value, leading to an open redirect issue. |
| Impact: | The server does not validate or restrict the incoming redirect URL parameter, so an attacker can craft a link with an arbitrary destination address and induce users to be redirected to a malicious website. |
| Affected OS: | Windows, Linux, Others |
| Reference: | https://plugins.trac.wordpress.org/changeset/2639592 https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c |

| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c |