CVE-2023-34020
published 2024-03-27CVE-2023-34020: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for…
PriorityP334medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
0.96%
57.2th percentile
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| uncanny_owl | uncanny_toolkit_for_learndash | n/a – 3.6.4.3 | — |
| uncannyowl | uncanny_toolkit_for_learndash | <= 3.6.4.3 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Uncanny Toolkit for LearnDash - Open Redirection
nuclei·CVSS 6.1
CVE-2023-34020 [MEDIUM] Uncanny Toolkit for LearnDash - Open Redirection
Uncanny Toolkit for LearnDash - Open Redirection
A vulnerability in the WordPress Uncanny Toolkit for LearnDash Plugin allowed malicious actors to redirect users, posing a potential risk of phishing incidents. The issue has been resolved in version 3.6.4.4, and users are urged to update for security.
Template:
id: CVE-2023-34020
info:
name: Uncanny Toolkit for LearnDash - Open Redirection
author: LeDoubleTake
severity: medium
description: |
A vulnerability in the WordPress Uncanny Toolkit for LearnDash Plugin allowed malicious actors to redirect users, posing a potential risk of phishing incidents. The issue has been resolved in version 3.6.4.4, and users are urged to update for security.
impact: |
Unauthenticated attackers can craft malicious redirect URLs through the REST API to redi
https://patchstack.com/database/vulnerability/uncanny-learndash-toolkit/wordpress-uncanny-toolkit-for-learndash-plugin-3-6-4-3-open-redirection-vulnerability?_s_id=cvehttps://patchstack.com/database/vulnerability/uncanny-learndash-toolkit/wordpress-uncanny-toolkit-for-learndash-plugin-3-6-4-3-open-redirection-vulnerability?_s_id=cve
2024-03-27
Published