CVE-2021-24406

Published: Jul 6, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such an issue could allow an attacker to induce a user to use a login URL that redirects to a website under the attacker's control, a replica of the legitimate one that asks the user to re-enter their credentials (which will then be in the attacker's hands).
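
The missing check described above, sketched as a standalone validator for a post-login redirect target. This is an added example, not wpForo's code or its actual fix; the function name `safe_redirect_target`, the host `forum.example` and the fallback path `/community/` are assumptions made for illustration.

```php
<?php
// Added example; not wpForo's code. All host names and URLs are constructed.

/** Return $candidate only if it keeps the user on $allowedHost, else $fallback. */
function safe_redirect_target(string $candidate, string $allowedHost, string $fallback): string
{
    $candidate = trim($candidate);
    // Browsers read "\" as "/" and drop control characters, so refuse both.
    if ($candidate === '' || preg_match('/[\\\\\x00-\x1f\x7f]/', $candidate)) {
        return $fallback;
    }
    $parts = parse_url($candidate);
    if ($parts === false) {
        return $fallback;
    }
    // Site-relative path: no scheme, no host, and a leading "/".
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        $path = $parts['path'] ?? '';
        return ($path !== '' && $path[0] === '/') ? $candidate : $fallback;
    }
    // Absolute or protocol-relative URL: http(s) only, no userinfo, exact host match.
    $scheme = strtolower($parts['scheme'] ?? 'https');
    $host   = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)
        || isset($parts['user'])
        || $host !== strtolower($allowedHost)) {
        return $fallback;
    }
    return $candidate;
}

// Constructed inputs: values a login handler might receive in redirect_to.
$cases = [
    '/community/topic/42?page=2',                 // same-site path: kept
    'https://forum.example/community/',           // same host: kept
    'https://forum-login.example/community/',     // look-alike host: fallback
    '//forum-login.example/community/',           // protocol-relative: fallback
    'https://forum.example@forum-login.example/', // userinfo trick: fallback
    '/\forum-login.example/',                     // backslash form: fallback
];
foreach ($cases as $c) {
    printf("%-45s => %s\n", $c, safe_redirect_target($c, 'forum.example', '/community/'));
}
```

Inside WordPress itself, core's `wp_validate_redirect()` and `wp_safe_redirect()` apply an allowed-host check of this kind, so plugin code handling a login redirect can rely on them instead of a hand-written validator.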

Vendor: gVectors Team

Product: wpForo Forum

Versions: affected, 1.9.7 - < 1.9.7

Weaknesses (CWE)
