Unrated severityNVD Advisory· Published Jul 6, 2021· Updated Aug 3, 2024
wpForo Forum < 1.9.7 - Open Redirect
CVE-2021-24406
Description
The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.9.7
- Range: 1.9.7
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/a9284931-555b-4c96-86a3-09e1040b0388mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.