wpForo Forum < 1.9.7 – Open Redirect | CVE 2021-24406

Description

The plugin did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands)

Proof of Concept

Login to the forum using the following URL: https://example.com/community/?foro=signin&redirect_to=https://wpscan.com

Affects Plugins

wpforo

Fixed in 1.9.7

References

CVE

CVE-2021-24406

Classification

Type

REDIRECT

OWASP top 10

A1: Injection

CWE

CWE-601

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Hosein_vita

Submitter

Hosein vita

Submitter website

https://vitasecurityteam.com

Verified

Yes

WPVDB ID

a9284931-555b-4c96-86a3-09e1040b0388

Timeline

Publicly Published

2021-06-14 (about 2 years ago)

Added

2021-06-14 (about 2 years ago)

Last Updated

2021-06-21 (about 2 years ago)

Other

Published

Title

Published

2024-01-17

Title

Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect

Published

2021-12-22

Title

Event Tickets < 5.2.2 - Open Redirect

Published

2024-04-29

Title

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup < 4.0.31 - Open Redirect

Published

2014-06-02

Title

Grimag < 1.1.1 - Open Redirection

Published

2024-01-03

Title

WordPress Toolbar <= 2.2.6 - Open Redirect