CVE-2021-24406

MEDIUM Year: 2021
CVSS v3 Score
6.1
Medium
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-601
View all →

Vulnerability Description

The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands)

Related Vulnerabilities

CVE-2005-10001

MEDIUM
CVSS:6.1(Medium)

A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The mani...

CWE-6012005

CVE-2005-4206

MEDIUM
CVSS:6.1(Medium)

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks ...

CWE-6012005

CVE-2008-2052

MEDIUM
CVSS:6.1(Medium)

Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.

CWE-6012008

CVE-2008-2951

MEDIUM
CVSS:6.1(Medium)

Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possi...

CWE-6012008

CVE-2010-3661

MEDIUM
CVSS:6.1(Medium)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.

CWE-6012010