CVE Vulnerability

CVE-2021-24406

The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands)

5.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://wpscan.com/vulnerability/a9284931-555b-4c96-86a3-09e1040b0388 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*
Information

Published : 2021-07-06 11:15

Updated : 2021-07-09 03:55

NVD link : CVE-2021-24406

Mitre link : CVE-2021-24406

Products Affected
No products.
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')