The AnyComment WordPress plugin before 0.3.5 has an API endpoint that passes user input from the redirect parameter to the wp_redirect() function without validating it first, leading to an Open Redirect issue which, according to the vendor, is a feature.
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/562e81ad-7422-4437-a5b4-fcab9379db82 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-01-17T13:00:27
Updated: 2022-05-09T16:50:26
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24838
NVD Information
Status: Analyzed
Published: 2022-01-17T13:15:07.577
Modified: 2022-07-21T12:40:14.117
Link: CVE-2021-24838
Redhat Information
No data.
CWE