The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
References
Link | Resource |
---|---|
https://magos-securitas.com/txt/CVE-2023-6389.txt | Exploit |
https://wpscan.com/vulnerability/04dafc55-3a8d-4dd2-96da-7a8b100e5a81/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-29T14:44:16.273Z
Updated: 2024-01-29T14:44:16.273Z
Reserved: 2023-11-29T20:04:45.102Z
Link: CVE-2023-6389
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-29T15:15:09.410
Modified: 2024-02-03T01:20:39.633
Link: CVE-2023-6389
JSON object: View
Redhat Information
No data.
CWE