WordPress wpForo Forum < 1.9.7 - Open Redirect
ID: CVE-2021-24406
Severity: medium
Author: 0x_Akoko
Tags: cve2021,cve,wpscan,wordpress,redirect,gvectors
Description
WordPress wpForo Forum < 1.9.7 is susceptible to an open redirect vulnerability because the plugin does not validate the redirect_to parameter of the forum login form, so after a successful login the user can be sent to an arbitrary external URL.
YAML Source
id: CVE-2021-24406

info:
  name: WordPress wpForo Forum < 1.9.7 - Open Redirect
  author: 0x_Akoko
  severity: medium
  description: WordPress wpForo Forum < 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login.
  impact: |
    An attacker can trick users into visiting a malicious website, leading to potential phishing attacks or the disclosure of sensitive information.
  remediation: |
    Update wpForo Forum to version 1.9.7 or later to fix the open redirect vulnerability.
  reference:
    - https://wpscan.com/vulnerability/a9284931-555b-4c96-86a3-09e1040b0388
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24406
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-24406
    cwe-id: CWE-601
    epss-score: 0.00137
    epss-percentile: 0.48279
    cpe: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: gvectors
    product: wpforo_forum
    framework: wordpress
  tags: cve2021,cve,wpscan,wordpress,redirect,gvectors

http:
  - method: GET
    path:
      - "{{BaseURL}}/community/?foro=signin&redirect_to=https://interact.sh/"

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
# digest: 4b0a00483046022100d291738fe60a73f875c8cfd16ef9de8731a47f60e10752f64d0c2ad9455e3714022100a4b95bb530262359e11fcb6c7f33f4f3f7ade5fc8190147793f3d03541a25b66:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template checks for the issue by requesting the forum sign-in page with redirect_to set to an external host (interact.sh) and matching a Location response header that redirects to that host. Run it with the Nuclei tool against the target URL:
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-24406.yaml"
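As an added example (not code from the template or the wpForo plugin), the following Python applies the template's Location-header matcher to a constructed response and shows the same-host check a fixed login form should apply to redirect_to; the host forum.example.test and both responses are constructed.

```python
import re
from urllib.parse import urlsplit

# Regex matcher copied from the template above: a Location header whose host
# ends in interact.sh, the external domain the test request supplied.
LOCATION_RE = re.compile(
    r'(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
)


def template_matches(raw_headers: str) -> bool:
    """True when a raw HTTP response header block satisfies the template matcher."""
    return LOCATION_RE.search(raw_headers) is not None


def is_safe_redirect(redirect_to: str, site_host: str) -> bool:
    """Same-host check a login form should apply to redirect_to before honouring it.

    Accepts site-relative paths and absolute http(s) URLs on site_host only;
    rejects protocol-relative (//host), backslash and userinfo (user@host) tricks.
    """
    candidate = redirect_to.replace("\\", "/")  # browsers treat \ as /
    try:
        parts = urlsplit(candidate)
    except ValueError:  # malformed host, e.g. unbalanced IPv6 brackets
        return False
    if not parts.scheme and not parts.netloc:
        return candidate.startswith("/") and not candidate.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    return parts.hostname is not None and parts.hostname.lower() == site_host.lower()


# Constructed responses for illustration, not captured traffic.
VULNERABLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://interact.sh/\r\n"
    "Content-Length: 0\r\n\r\n"
)
FIXED_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://forum.example.test/community/\r\n"
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    print("unpatched response matches:", template_matches(VULNERABLE_RESPONSE))
    print("patched response matches:", template_matches(FIXED_RESPONSE))
    for value in ("/community/", "//interact.sh/", "https://interact.sh/"):
        print(value, "safe:", is_safe_redirect(value, "forum.example.test"))
```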