WordPress Plugin Vulnerabilities

English WordPress Admin < 1.5.2 - Unauthenticated Open Redirect

Description

The plugin does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue

Proof of Concept

Affects Plugins

Plugin icon
english-wp-admin
Fixed in 1.5.2

References

CVE
CVE-2021-25111

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
af548fab-96c2-4129-b609-e24aad0b1fc4

Timeline

Publicly Published
2022-03-29 (about 3 years ago)
Added
2022-03-29 (about 3 years ago)
Last Updated
2022-04-08 (about 3 years ago)

Other

Published
Title
Published
2014-08-01
Title
WordPress 3.6 - Multiple Script Arbitrary Site Redirect
Published
2025-05-07
Title
WP Gravity Forms Dynamics CRM < 1.1.5 - Open Redirect
Published
2025-09-26
Title
WP Gravity Forms HubSpot < 1.2.6 - Open Redirect
Published
2019-10-21
Title
Bridge Theme < 18.2.1 - Open Redirect
Published
2023-02-06
Title
Pie Register < 3.8.2.3 - Open Redirect