id: CVE-2023-6389

info:
  name: WordPress Toolbar <= 2.2.6 - Open Redirect
  author: Kazgangap
  severity: medium
  description: |
    The plugin redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
  reference:
    - https://wpscan.com/vulnerability/04dafc55-3a8d-4dd2-96da-7a8b100e5a81/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6389
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-6389
    cwe-id: CWE-601
    epss-score: 0.00097
    epss-percentile: 0.40297
    cpe: cpe:2.3:a:abhinavsingh:wordpress_toolbar:*:*:*:*:*:*:wordpress:*
  metadata:
    verified: true
    max-request: 1
    vendor: abhinavsingh
    product: wordpress_toolbar
    publicwww-query: "/wp-content/plugins/wordpress-toolbar/"
  tags: cve,cve2023,wordpress,wp-plugin,wordpress-toolbar,wp,redirect

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/wordpress-toolbar/toolbar.php?wptbto=https://oast.me&wptbhash=acme"

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me.*$'
# digest: 4a0a00473045022100c227bbaa90d02a8b9a508a44f888cc765c6a1454560b1517de91547f856b16df022006e4ae4b398be8b002c3d5d69184bc04a8181d0019c21f8ed05cf288b73b603c:922c64590222798bb761d5b6d8e72950