CVE-2023-6786

MEDIUM NUCLEI

Payment Gateway for Telcell < 2.0.4 - Open Redirect via api_url Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-6786. PoCs published by halilkirazkaya. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains functional exploit code for multiple CVEs, including CVE-2023-6786. Each entry includes a description, PoC code, and references. The PoCs are well-structured and demonstrate the vulnerabilities effectively.

Description

The Payment Gateway for Telcell WordPress plugin through 2.0.1 does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue

Exploits (1)

github WORKING POC 4 stars

by halilkirazkaya · poc

https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2023/CVE-2023-6786.md

View Code ZIP pw:eip

The repository contains functional exploit code for multiple CVEs, including CVE-2023-6786. Each entry includes a description, PoC code, and references. The PoCs are well-structured and demonstrate the vulnerabilities effectively.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Various software including WordPress plugins, QNAP Photo Station, IBM Data Risk Manager, and Wipro Holmes Orchestrator

No auth needed

Prerequisites: Access to the target system

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 27, 2026 Full analysis →

Nuclei Templates (1)

Payment Gateway for Telcell < 2.0.4 - Open Redirect

MEDIUMVERIFIEDby s4e-io

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit vdb-entry technical-description

https://wpscan.com/vulnerability/f3e64947-3138-4ec4-86c4-27b5d6a5c9c2/

Scores

CVSS v3 6.1

EPSS 0.0046

EPSS Percentile 36.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (1)

hkdigit/payment_gateway_for_telcell < 2.0.4

Published May 15, 2025

Tracked Since Feb 18, 2026