Uncanny Toolkit for LearnDash - Open Redirection
ID: CVE-2023-34020
Severity: medium
Author: LeDoubleTake
Tags: cve2023,cve,wordpress,uncanny-learndash-toolkit,wpscan,redirect
Description
Section titled “Description”A vulnerability in the WordPress Uncanny Toolkit for LearnDash Plugin allowed malicious actors to redirect users, posing a potential risk of phishing incidents. The issue has been resolved in version 3.6.4.4, and users are urged to update for security.
YAML Source
Section titled “YAML Source”id: CVE-2023-34020
info: name: Uncanny Toolkit for LearnDash - Open Redirection author: LeDoubleTake severity: medium description: | A vulnerability in the WordPress Uncanny Toolkit for LearnDash Plugin allowed malicious actors to redirect users, posing a potential risk of phishing incidents. The issue has been resolved in version 3.6.4.4, and users are urged to update for security. reference: - https://patchstack.com/database/vulnerability/uncanny-learndash-toolkit/wordpress-uncanny-toolkit-for-learndash-plugin-3-6-4-3-open-redirection-vulnerability - https://wordpress.org/plugins/uncanny-learndash-toolkit/ - https://patchstack.com/database/vulnerability/uncanny-learndash-toolkit/wordpress-uncanny-toolkit-for-learndash-plugin-3-6-4-3-open-redirection-vulnerability?_s_id=cve classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N cvss-score: 4.7 cve-id: CVE-2023-34020 cwe-id: CWE-601 epss-score: 0.00076 epss-percentile: 0.32361 cpe: cpe:2.3:a:uncannyowl:uncanny_toolkit_for_learndash:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 publicwww-query: "/wp-content/plugins/uncanny-learndash-toolkit/" product: uncanny_toolkit_for_learndash vendor: uncannyowl tags: cve2023,cve,wordpress,uncanny-learndash-toolkit,wpscan,redirect
http: - method: GET path: - "{{BaseURL}}/?rest_route=/ult/v2/review-banner-visibility&action=maybe-later&redirect=yes&redirect_url=https://interact.sh"
matchers: - type: regex part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'# digest: 4b0a00483046022100b446accb8e0f81d7ccb75aee266081cf57f6dfa54a2d62b0480ba2b70e61870c022100ce6af528473203a4338710a45cd561cd9c9c6554a682624aa07a2cfd22a247e5:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-34020.yaml"