CVE-2021-25033
MEDIUM NUCLEI
WordPress Newsletter Plugin <1.6.5 - Open Redirect
Title source: llm
Exploitation Summary
CVE-2021-25033 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the "to" parameter before redirecting the user to its given value, leading to an open redirect issue.
Nuclei Templates (1)
Noptin < 1.6.5 - Open Redirect
MEDIUM, by dhiyaneshDk
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c
Patch, Third Party Advisory x_refsource_confirm
https://plugins.trac.wordpress.org/changeset/2639592
Scores
CVSS v3: 6.1
EPSS: 0.0268
EPSS Percentile: 83.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-601
Status: published
Products (1): noptin/noptin, < 1.6.5
Published: Feb 14, 2022
Tracked Since: Feb 18, 2026