Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to Unknown - WordPress Newsletter Plugin – Noptin

CVE-2021-25033 (GCVE-0-2021-25033)

Vulnerability from cvelistv5

Published

2022-02-14 09:20

Modified

2024-08-03 19:49

Severity ?

CWE

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Summary

The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue

References

▼	URL	Tags
	https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c	x_refsource_MISC
	https://plugins.trac.wordpress.org/changeset/2639592	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Unknown	WordPress Newsletter Plugin – Noptin	Version: 1.6.5 < 1.6.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:49:14.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/2639592"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WordPress Newsletter Plugin \u2013 Noptin",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.6.5",
              "status": "affected",
              "version": "1.6.5",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Trang LKB"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-14T09:20:44",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://plugins.trac.wordpress.org/changeset/2639592"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Noptin \u003c 1.6.5 - Open Redirect",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-25033",
          "STATE": "PUBLIC",
          "TITLE": "Noptin \u003c 1.6.5 - Open Redirect"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WordPress Newsletter Plugin \u2013 Noptin",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "1.6.5",
                            "version_value": "1.6.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Trang LKB"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c"
            },
            {
              "name": "https://plugins.trac.wordpress.org/changeset/2639592",
              "refsource": "CONFIRM",
              "url": "https://plugins.trac.wordpress.org/changeset/2639592"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-25033",
    "datePublished": "2022-02-14T09:20:45",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:49:14.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}