CVE-2021-25033

MEDIUM NUCLEI

WordPress Newsletter Plugin <1.6.5 - Open Redirect

Title source: llm

Description

The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue

Nuclei Templates (1)

Noptin < 1.6.5 - Open Redirect

MEDIUMby dhiyaneshDk

References (2)

[Patch, Third Party Advisory] https://plugins.trac.wordpress.org/changeset/2639592

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c

Scores

CVSS v3 6.1

EPSS 0.0106

EPSS Percentile 77.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (1)

noptin/noptin < 1.6.5

Published Feb 14, 2022

Tracked Since Feb 18, 2026