PT-2022-9590 · WordPress · Wordpress Newsletter Plugin

Channchan

Published

2022-02-14

Updated

2022-02-23

CVE-2021-25033

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions WordPress Newsletter Plugin version 1.6.4 and earlier

Description The issue is related to an open redirect problem. It occurs because the to parameter is not validated before redirecting the user to its given value.

Recommendations For WordPress Newsletter Plugin version 1.6.4 and earlier, update to version 1.6.5 or later to resolve the issue.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2021-25033

Affected Products

Wordpress Newsletter Plugin

PT-2022-9590 · WordPress · Wordpress Newsletter Plugin

CVE-2021-25033

Weakness Enumeration

Related Identifiers

Affected Products

References · 5