AnyComment < 0.3.5 – Open Redirect | CVE 2021-24838 | Plugin Vulnerabilities

Description

The plugin has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.

Proof of Concept

v < 0.3.4 - https://example.com/wp-json/anycomment/v1/auth/wordpress?redirect=https://wpscan.com

v < 0.3.5 - https://example.com/wp-json/anycomment/v1/auth/wordpress?redirect=https://wpscan.com?a=https://example.com

Affects Plugins

Fixed in 0.3.5

References

CVE

Classification

Type

REDIRECT

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Brandon Roldan

Submitter

Brandon Roldan

Submitter twitter

Verified

Yes

WPVDB ID

562e81ad-7422-4437-a5b4-fcab9379db82

Timeline

Publicly Published

2021-12-20 (about 4 years ago)

Added

2021-12-20 (about 4 years ago)

Last Updated

2022-05-04 (about 3 years ago)

Other

Published

Title

Published

2014-08-01

Title

Password Protected 1.4 - Login Process redirect_to Parameter Arbitrary Site Redirect

Published

2024-04-29

Title

Share This Image < 1.99 - Open Redirect

Published

2024-09-30

Title

Payflex Payment Gateway < 2.6.2 - Open Redirect

Published

2017-07-13

Title

Download Manager <= 2.9.50 - Open Redirect

Published

2021-12-27

Title

WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect