← Back to CVEs

CVE-2023-6389

MEDIUM

6.1

Description

The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

CVE Details

CVSS v3.1 Score6.1

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionREQUIRED

Published1/29/2024

Last Modified6/20/2025

Sourcenvd

Honeypot Sightings0

Affected Products

abhinavsingh:wordpress_toolbar

Weaknesses (CWE)

CWE-601

References

https://magos-securitas.com/txt/CVE-2023-6389.txt(contact@wpscan.com)

https://wpscan.com/vulnerability/04dafc55-3a8d-4dd2-96da-7a8b100e5a81/(contact@wpscan.com)

https://magos-securitas.com/txt/CVE-2023-6389.txt(af854a3a-2127-422b-91ae-364da2661108)

https://wpscan.com/vulnerability/04dafc55-3a8d-4dd2-96da-7a8b100e5a81/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.