cleantalk
Vulnerabilities and Security Researches

wpForo Forum, CVE-2021-24406

CVE, Research URL

CVE-2021-24406

Home page URL

Security reports for wpForo Forum

Application

wpForo Forum

Published on
Jul 06, 2021
Research Description
The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands)
Affected versions
Min -, max 1.9.7.
Status
vulnerable
Previous vulnerability researches
wpForo Forum (CVE-2019-19109) , Jun 06, 2024
wpForo Forum (CVE-2022-40205) , Jun 06, 2024
wpForo Forum (CVE-2021-24406) , Jun 06, 2024
wpForo Forum (CVE-2022-38144) , Jun 06, 2024
wpForo Forum (CVE-2019-19112) , Jun 06, 2024
New vulnerability
WPFront User Role Editor (CVE-2025-3064) , Apr 09, 2025
Simple WP Events (CVE-2025-2004) , Apr 09, 2025
Advanced Advertising System (CVE-2025-3433) , Apr 09, 2025
Melhor Envio (CVE-2024-13820) , Apr 09, 2025
AAWP Obfuscator (CVE-2025-3432) , Apr 09, 2025