CVE-2021-25111

🗓️ 25 Apr 2022 15:50:47Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 85 Views🌐 WEB

The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issu

Reporter	Title	Published	Views	Family All 11
CNNVD	WordPress plugin English WordPress Admin 输入验证错误漏洞	25 Apr 202200:00	–	cnnvd
CNVD	WordPress English WordPress Admin plugin重定向漏洞	27 Apr 202200:00	–	cnvd
Cvelist	CVE-2021-25111 English WordPress Admin < 1.5.2 - Unauthenticated Open Redirect	25 Apr 202215:50	–	cvelist
EUVD	EUVD-2021-12023	7 Oct 202500:30	–	euvd
Nuclei	WordPress English Admin <1.5.2 - Open Redirect	11 Jun 202603:33	–	nuclei
NVD	CVE-2021-25111	25 Apr 202216:16	–	nvd
Patchstack	WordPress English WordPress Admin plugin <= 1.5.1 - Unauthenticated Open Redirect vulnerability	29 Mar 202200:00	–	patchstack
Prion	Open redirect	25 Apr 202216:16	–	prion
RedhatCVE	CVE-2021-25111	22 May 202519:25	–	redhatcve
wpexploit	English WordPress Admin < 1.5.2 - Unauthenticated Open Redirect	29 Mar 202200:00	–	wpexploit

NVD

Vulners

Node

english_wordpress_admin_project english_wordpress_adminRange<1.5.2wordpress

[
  {
    "product": "English WordPress Admin",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.5.2",
        "status": "affected",
        "version": "1.5.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/af548fab-96c2-4129-b609-e24aad0b1fc4

Parameter	Position	Path	Description	CWE
admin_custom_language_return_url	query param	wp-admin/admin-ajax.php	Open redirect via unvalidated admin_custom_language_return_url parameter in heartbeat action	CWE-601

21 Nov 2024 05:54Current

6.2Medium risk

Vulners AI Score6.2

CVSS 25.8

CVSS 3.16.1

EPSS0.01767

CWE-601