
Exploit for Noptin < 1.6.5 - Open Redirect (CVE-2021-25033)

Description:

Noptin < 1.6.5 is susceptible to an open redirect vulnerability. The plugin does not validate the “to” parameter before redirecting the user to its given value, leading to an open redirect issue.
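The missing check described above, sketched as an added example in plain PHP; this is not Noptin's code or its patch. It shows a redirect target being accepted only when it is a site-relative path or an http(s) URL on an allowed host. The function name `safe_redirect_target`, the host `shop.example` and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not Noptin's code. Function name and hosts are hypothetical.

/** Return $to when it stays on an allowed host, otherwise $fallback. */
function safe_redirect_target(string $to, array $allowedHosts, string $fallback = '/'): string
{
    // Drop whitespace/control bytes and treat "\" as "/", as browsers do.
    $to = preg_replace('/[\x00-\x20\x7f]+/', '', $to) ?? '';
    $to = str_replace('\\', '/', $to);
    if ($to === '') {
        return $fallback;
    }

    $parts = parse_url($to);
    if ($parts === false) {
        return $fallback; // malformed input that cannot be parsed
    }

    // No scheme and no host: accept only a path rooted at "/".
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        return $to[0] === '/' ? $to : $fallback;
    }

    // Absolute or scheme-relative URL: require http(s) and an allowed host.
    $scheme = strtolower($parts['scheme'] ?? 'https');
    $host   = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true) || !in_array($host, $allowedHosts, true)) {
        return $fallback;
    }
    return $to;
}

// Constructed sample values for the "to" parameter.
$allowed = ['shop.example'];
$samples = [
    '/newsletter/thanks',
    'https://shop.example/account',
    'https://other.example/login',
    '//other.example/login',
    '/\\other.example/login',
    'https://shop.example@other.example/',
    'javascript:alert(1)',
];
foreach ($samples as $to) {
    printf("%-40s -> %s\n", $to, safe_redirect_target($to, $allowed));
}
```

Inside WordPress itself, the core functions `wp_validate_redirect()` and `wp_safe_redirect()` apply a host allowlist of this kind and are the usual choice over a hand-written check.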

Nuclei Template

View the template here: CVE-2021-25033.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-25033.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-25033
https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c
https://github.com/ARPSyndicate/kenzer-templates
https://plugins.trac.wordpress.org/changeset/2639592