CVE-2021-24406

Name of the Vulnerable Software and Affected Versions wpForo Forum WordPress plugin versions prior to 1.9.7

Description The issue is related to an open redirect problem after a successful login, caused by the lack of validation of the redirect to parameter in the login form of the forum. This could allow an attacker to trick a user into using a login URL that redirects to a malicious website, which could be a replica of the legitimate one, prompting the user to re-enter their credentials. These credentials would then be in the attacker's hands.

Recommendations For versions prior to 1.9.7, update to version 1.9.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the login form or validating the redirect to parameter manually until a patch is applied. Avoid using the redirect to parameter in the login URL until the issue is resolved.