WordPress Plugin Vulnerabilities

Nested Pages < 3.1.16 - Open Redirect

Description

The plugin was vulnerable to an Open Redirect via the page POST parameter in the npBulkActions, npBulkEdit, npListingSort, and npCategoryFilter admin_post actions.

Affects Plugins

Plugin icon
wp-nested-pages
Fixed in 3.1.16

References

CVE
CVE-2021-38343
URL
https://www.wordfence.com/blog/2021/08/nested-pages-patches-post-deletion-vulnerability/

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
Ramuel Gall
Submitter
Ramuel Gall
Submitter twitter
ramuelgall
Verified
Yes
WPVDB ID
11423d88-511f-4582-9baa-e8a94b1050cf

Timeline

Publicly Published
2021-08-25 (about 4 years ago)
Added
2021-08-25 (about 4 years ago)
Last Updated
2022-04-10 (about 4 years ago)

Other

Published
Title
Published
2018-04-03
Title
WordPress 3.7-4.9.4 - Use Safe Redirect for Login
Published
2025-04-16
Title
Fast eBay Listings < 2.12.16 - Open Redirect
Published
2020-03-31
Title
WordPress SEO Plugin - Rank Math < 1.0.41 - Redirect Creation via Unprotected REST API Endpoint
Published
2025-05-07
Title
WP Gravity Forms Dynamics CRM < 1.1.5 - Open Redirect
Published
2024-04-29
Title
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup < 4.0.31 - Open Redirect