4 matches found
WordPress AnyComment <0.3.5 - Open Redirect
WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoint which passes user input via the redirect parameter to the wpredirect function without being validated. An attacker can redirect a user to a malicious site and possibly obtain sensitive information...
CVE-2021-24838 AnyComment < 0.3.5 - Open Redirect
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wpredirect function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature...
AnyComment <= 0.3.1 - Open Redirect
The plugin has an API endpoint which passes user input via the redirect parameter to the wpredirect function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature. PoC...
Pie Register < 3.7.2.4 - Open Redirect
The plugin passes unvalidated user input to the wpredirect function, without validating it, leading to an Open redirect issue PoC https://example.com/?piereglogouturl=trueto=https://wpscan.com...