CVE-2023-6389
Published 2024-01-29
Priority: P3 · 49 · Severity: medium · CVSS 3.1 base score: 6.1
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (network, low complexity, no privileges required, user interaction required, scope changed, low confidentiality and integrity impact, no availability impact)
Exploit: EPSS 25.68% (97.7th percentile)
The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| abhinavsingh | wordpress_toolbar | <= 2.2.6 | — |
Detection & IOCs (extracted from sources)
PoC URL (from the Nuclei template): `{{BaseURL}}/wp-content/plugins/wordpress-toolbar/toolbar.php?wptbto=https://oast.me&wptbhash=acme`
- Detect exploitation of the open redirect via the `wptbto` parameter in the WordPress Toolbar plugin by inspecting HTTP `Location` response headers for redirects to external hosts.
- Monitor GET requests to `toolbar.php` that carry both the `wptbto` and `wptbhash` query parameters; together they match the request shape of the PoC.
- Flag unauthenticated requests to `toolbar.php` with an arbitrary URL in `wptbto`: no session or privileges are needed for the redirect to fire.
- Caveat: the `wptbhash` parameter appears in the PoC request but its role is not fully documented; its value (`acme` in the PoC) may be arbitrary or may need to match a specific pattern for the redirect to trigger.
- Caveat: affected versions are 2.2.6 and below. The detection regex targets the `Location` header and matches any redirect to an external host, so tune it (for example with an allowlist of hosts the site legitimately redirects to) to reduce false positives in environments with legitimate off-site redirects.
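The PoC URL and the detection notes above describe two checks: the request-side one (a `toolbar.php` request carrying both `wptbto` and `wptbhash`) and the response-side one (a 3xx whose `Location` leaves the site). The script below implements both over sample data. It is an added example, not code from this page, from the plugin or from the Nuclei template; the access-log lines, the response headers and the `INTERNAL_HOSTS` allowlist are constructed assumptions, and the allowlist is the tuning knob the last caveat refers to.

```python
"""Detection logic for CVE-2023-6389 exploitation attempts: requests to the
WordPress Toolbar plugin's toolbar.php carrying both wptbto and wptbhash, and
responses whose Location header points off-site. Added example, not code from
the page, the plugin or the Nuclei template. The log lines, the response
headers and INTERNAL_HOSTS are constructed assumptions."""
import re
from urllib.parse import parse_qs, urlparse

# Assumption: hosts the site legitimately redirects to. Anything else is
# treated as external; extend this to cut false positives on sites that
# redirect to their own CDN or SSO provider.
INTERNAL_HOSTS = {"example.com", "www.example.com"}

TOOLBAR_PATH = "/wp-content/plugins/wordpress-toolbar/toolbar.php"

# Combined-log-format line: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed access-log sample (not real traffic). Line 1 is the PoC request
# from the page's Nuclei template, line 2 a redirect back to the site itself,
# line 3 a scheme-relative target, line 4 unrelated traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Jan/2024:10:15:02 +0000] "GET /wp-content/plugins/wordpress-toolbar/toolbar.php?wptbto=https://oast.me&wptbhash=acme HTTP/1.1" 302 0 "-" "curl/8.4.0"
198.51.100.7 - - [29/Jan/2024:10:15:09 +0000] "GET /wp-content/plugins/wordpress-toolbar/toolbar.php?wptbto=https%3A%2F%2Fwww.example.com%2Fabout&wptbhash=abc HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.8 - - [29/Jan/2024:10:16:00 +0000] "GET /wp-content/plugins/wordpress-toolbar/toolbar.php?wptbto=//evil.example.net/login&wptbhash=x HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [29/Jan/2024:10:16:30 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""


def is_external(target: str) -> bool:
    """True when a redirect target would leave the site.

    urlparse().hostname lowercases and strips userinfo and port, so
    'https://www.example.com@evil.net/' resolves to evil.net, and a
    scheme-relative '//evil.net/x' still yields a host. A bare path such
    as '/wp-admin/' has no host and counts as internal."""
    host = urlparse(target).hostname
    return host is not None and host not in INTERNAL_HOSTS


def scan_request_line(line: str):
    """Classify one access-log line; None unless it is a toolbar.php request
    carrying both wptbto and wptbhash (the request shape of the PoC)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlparse(m["path"])
    # endswith() so that WordPress installed under a sub-path still matches.
    if not url.path.endswith(TOOLBAR_PATH):
        return None
    qs = parse_qs(url.query)  # percent-decodes the parameter values
    if "wptbto" not in qs or "wptbhash" not in qs:
        return None
    target = qs["wptbto"][0]
    return {
        "ip": m["ip"],
        "status": int(m["status"]),
        "target": target,
        "external": is_external(target),  # the part worth alerting on
    }


def scan_log(text: str) -> list:
    """All toolbar.php findings in a block of access-log text, in order."""
    return [f for f in (scan_request_line(l) for l in text.splitlines()) if f]


def scan_response(status: int, headers: dict) -> bool:
    """Response-side check matching the page's description of the detection
    regex: a 3xx whose Location header points to a non-internal host."""
    lowered = {k.lower(): v for k, v in headers.items()}
    location = lowered.get("location")
    return 300 <= status < 400 and location is not None and is_external(location)


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        flag = "EXTERNAL" if finding["external"] else "internal"
        print(f'{finding["ip"]} -> {finding["target"]} [{flag}] {finding["status"]}')
    # Constructed response to the PoC request: flagged because oast.me is off-site.
    print(scan_response(302, {"Location": "https://oast.me", "Server": "nginx"}))
```

Of the three `toolbar.php` requests in the sample, the first and third are flagged as external and the second (a redirect back to `www.example.com`) is not; that second line is exactly the kind of legitimate traffic that a bare "any redirect" regex would report. The `is_external` helper uses `hostname` rather than `netloc` so that a `user@host` trick in the target cannot make an off-site redirect look internal.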
No detection rules found.
Nuclei
CVE-2023-6389 [MEDIUM] WordPress Toolbar <= 2.2.6 - Open Redirect (nuclei · CVSS 6.1)
The plugin redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
Template:
```yaml
id: CVE-2023-6389

info:
  name: WordPress Toolbar <= 2.2.6 - Open Redirect
  author: s4e-io
  severity: medium
  description: |
    The plugin redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
  impact: |
    Unauthenticated attackers can redirect users to malicious external sites via the wptbto parameter, potentially facilitating phishing attacks or credential theft.
```
r
Published 2024-01-29