WordPress Plugin Vulnerabilities
wpForo Forum < 1.9.7 - Open Redirect
Description
The plugin did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands)
Proof of Concept
Login to the forum using the following URL: https://example.com/community/?foro=signin&redirect_to=https://wpscan.com
Affects Plugins
References
CVE
Classification
Type
REDIRECT
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Hosein_vita
Submitter
Hosein vita
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-06-14 (about 2 years ago)
Added
2021-06-14 (about 2 years ago)
Last Updated
2021-06-21 (about 2 years ago)