PT-2021-15755 · WordPress · Phastpress

Felipe Restrepo Rodriguez

Published

2021-04-05

Updated

2021-04-12

CVE-2021-24210

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: PhastPress WordPress plugin versions prior to 1.111

Description: The issue is related to an open redirect that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. A support comment indicates that although the PHP involved in the request is supposed to only go to whitelisted pages, it is possible to redirect the victim to any domain.

Recommendations: For versions prior to 1.111, update to version 1.111 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2021-24210

Affected Products

Phastpress

PT-2021-15755 · WordPress · Phastpress

CVE-2021-24210

Weakness Enumeration

Related Identifiers

Affected Products

References · 5