Nested Pages <= 3.1.15 Open Redirect
CVE-2021-38343

4.7MEDIUM

Key Information:

Vendor: Wordpress
Status: Nested Pages
Vendor: CVE Published:; 30 August 2021

Summary

The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the page POST parameter in the npBulkActions, npBulkEdit, npListingSort, and npCategoryFilter admin_post actions.

Affected Version(s)

Nested Pages 3.1.15

References

https://www.wordfence.com/blog/2021/08/nested-pages-pat%E...

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 30, 2021
Vulnerability Reserved
Aug 9, 2021

Credit

Ramuel Gall, Wordfence