CVE-2023-6786
Published: 2025-05-15
Priority: P3 · 35 · medium · 6.1 CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 0.46% (36.8th percentile)
The Payment Gateway for Telcell WordPress plugin through 2.0.1 does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hkdigit | payment_gateway_for_telcell | < 2.0.4 | 2.0.4 |
No detection rules found.
Nuclei
Payment Gateway for Telcell < 2.0.4 - Open Redirect
nuclei·CVSS 6.1
CVE-2023-6786 [MEDIUM] Payment Gateway for Telcell < 2.0.4 - Open Redirect
The plugin does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue
Template:
```yaml
id: CVE-2023-6786

info:
  name: Payment Gateway for Telcell < 2.0.4 - Open Redirect
  author: s4e-io
  severity: medium
  description: |
    The plugin does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue
  impact: |
    Unauthenticated attackers can exploit open redirect through the api_url parameter to redirect users to malicious websites for phishing attacks.
  remediation: |
    Fixed in 2.0.4
  reference:
    - https://wpscan.com/vulnerability/f3e64947-3138-4ec4-86c4-27b5d6a5c9c2/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6786
  classification:
    cve-id: CVE-2023-6
```