Uncanny Toolkit for LearnDash - Open Redirection

05 Jul 2026 03:01:21 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

A vulnerability in the WordPress Uncanny Toolkit for LearnDash Plugin allowed malicious actors to redirect users, posing a potential risk of phishing incidents. The issue has been resolved in version 3.6.4.4, and users are urged to update for security.

id: CVE-2023-34020

info:
  name: Uncanny Toolkit for LearnDash - Open Redirection
  author: LeDoubleTake
  severity: medium
  description: |
    A vulnerability in the WordPress Uncanny Toolkit for LearnDash Plugin allowed malicious actors to redirect users, posing a potential risk of phishing incidents. The issue has been resolved in version 3.6.4.4, and users are urged to update for security.
  impact: |
    Unauthenticated attackers can craft malicious redirect URLs through the REST API to redirect LearnDash users to phishing sites, potentially stealing login credentials and compromising user accounts.
  remediation: |
    Update Uncanny Toolkit for LearnDash plugin to version 3.6.4.4 or later that validates redirect URLs and prevents open redirect attacks in the REST API.
  reference:
    - https://patchstack.com/database/vulnerability/uncanny-learndash-toolkit/wordpress-uncanny-toolkit-for-learndash-plugin-3-6-4-3-open-redirection-vulnerability
    - https://wordpress.org/plugins/uncanny-learndash-toolkit/
    - https://patchstack.com/database/vulnerability/uncanny-learndash-toolkit/wordpress-uncanny-toolkit-for-learndash-plugin-3-6-4-3-open-redirection-vulnerability?_s_id=cve
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
    cvss-score: 4.7
    cve-id: CVE-2023-34020
    cwe-id: CWE-601
    epss-score: 0.00963
    epss-percentile: 0.57329
    cpe: cpe:2.3:a:uncannyowl:uncanny_toolkit_for_learndash:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    publicwww-query: "/wp-content/plugins/uncanny-learndash-toolkit/"
    product: uncanny_toolkit_for_learndash
    vendor: uncannyowl
  tags: cve2023,cve,wordpress,uncanny-learndash-toolkit,wpscan,redirect,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/?rest_route=/ult/v2/review-banner-visibility&action=maybe-later&redirect=yes&redirect_url=https://interact.sh"

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
# digest: 480a00453043021f603b624dd15af481479ce7949535909a94e883fbd5eaa3553a48532a10fbeb0220132d8f337f70bad2a1165d2b11c0b130186d828e09cc7973c5bed0c743cbb0ff:922c64590222798bb761d5b6d8e72950
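
The remediation field says the fixed version validates redirect URLs. The following Python function is an added example of that kind of validation, not the plugin's code and not part of the template: it accepts a redirect target only if it is a local path or points at an allow-listed host, and rejects the target forms the matcher's regex covers. The function name and the host lms.example.test are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the only host(s) this site may redirect to (placeholder name).
ALLOWED_HOSTS = frozenset({"lms.example.test"})


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, fallback="/"):
    """Return `raw` if it stays on this site, otherwise `fallback`."""
    candidate = (raw or "").strip()
    # Reject empty input and control characters (browsers drop tab/CR/LF).
    if not candidate or any(ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return fallback
    # Browsers read "\" as "/" in http(s) URLs, so "/\host" means "//host".
    normalized = candidate.replace("\\", "/")
    try:
        parts = urlsplit(normalized)
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return fallback
    if parts.netloc:
        # Absolute or scheme-relative URL: the host must be allow-listed.
        if parts.scheme not in ("", "http", "https"):
            return fallback
        if "@" in parts.netloc:  # userinfo form: allowed-host@other-host
            return fallback
        host = (parts.hostname or "").lower()
        return normalized if host in allowed_hosts else fallback
    # No authority: accept only a local absolute path. A scheme without an
    # authority ("https:host") or extra leading slashes ("///host") can
    # still resolve to another host in a browser.
    if parts.scheme or not normalized.startswith("/") or normalized.startswith("//"):
        return fallback
    return normalized


# Constructed samples: target forms the matcher's regex covers, followed by
# two legitimate same-site targets.
SAMPLES = [
    "https://interact.sh",
    "//interact.sh",
    "/\\interact.sh",
    "https://lms.example.test@interact.sh/",
    "/courses/intro?step=2",
    "https://lms.example.test/dashboard",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", safe_redirect_target(sample))
```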

04 Feb 2026 07:00 (current)
Vulners AI Score: 7.1 (High risk)
CVSS 3.1: 4.7 - 6.1
EPSS: 0.00963