WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Noptin < 1.6.5 - Open Redirect

Description

The plugin does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue

Proof of Concept

https://example.com/?noptin_ns=email_click&to=https://wpscan.com

Affects Plugins

newsletter-optin-box
Fixed in version 1.6.5

References

CVE
CVE-2021-25033
URL
https://plugins.trac.wordpress.org/changeset/2639592

Classification

Type

REDIRECT

OWASP top 10
A1: Injection
CWE
CWE-601

Miscellaneous

Original Researcher

Trang LKB

Submitter

Channchan

Verified

Yes

WPVDB ID
c2d2384c-41b9-4aaf-b918-c1cfda58af5c

Timeline

Publicly Published

2022-01-17 (about 5 months ago)

Added

2022-01-17 (about 5 months ago)

Last Updated

2022-04-12 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin