[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7H7B9o9dbfdi_RkSlJIWyN_QPPzEdoXHyKYc8iUNgeQ":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2021-24838","anycomment-open-redirect-via-redirect-parameter","AnyComment \u003C= 0.3.4 - Open Redirect via redirect parameter","The AnyComment plugin for WordPress is vulnerable to Open Redirect in versions up to, and including, 0.3.4. This is due to an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first. This makes it possible for unauthenticated attackers to create redirect links using the site.","anycomment",null,"\u003C0.3.5","0.3.5","medium",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:L","URL Redirection to Untrusted Site ('Open Redirect')","2021-12-20 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F786d147b-2013-476b-a684-d070f07a166d?source=api-prod",764]