The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands)
Published 2021-07-06 11:15:09
Updated 2021-07-09 15:55:04
Source WPScan
View at NVD,   CVE.org
Vulnerability category: Open redirect

Exploit prediction scoring system (EPSS) score for CVE-2021-24406

0.14%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 48 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-24406

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.8
MEDIUM AV:N/AC:M/Au:N/C:P/I:P/A:N
8.6
4.9
NIST
6.1
MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2.8
2.7
NIST

CWE ids for CVE-2021-24406

References for CVE-2021-24406

Products affected by CVE-2021-24406

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!