There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the…
WPScan·CWE-601·Published 2021-04-05
There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. A support comment from another user one year ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) states that the PHP involved in the request only goes to whitelisted pages, but it is in fact possible to redirect the victim to any domain.
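The description makes a general point worth seeing in code: a redirect "whitelist" only helps if it compares the parsed destination host against the allowed set, rather than checking for an allowed string somewhere in the URL. The following is an added example and not code from the PhastPress plugin; the hostnames are constructed for illustration. It shows a substring-style check next to a host-based one and how each treats the same inputs.

```python
from urllib.parse import urlsplit

# Constructed allow-list for the example; a real plugin would derive this
# from the site's own host and any CDN hosts it is configured to fetch from.
ALLOWED_HOSTS = {"example.com", "cdn.example.com"}


def substring_allowlist(url: str, allowed=ALLOWED_HOSTS) -> bool:
    """Weak check: accepts any URL that merely *contains* an allowed host name.
    This is the pattern that makes "only goes to whitelisted pages" untrue."""
    return any(host in url for host in allowed)


def host_allowlist(url: str, allowed=ALLOWED_HOSTS) -> bool:
    """Host-based check: parse the URL and compare the host itself.

    Accepts same-site relative paths (single leading "/") and absolute
    http(s) URLs whose parsed host is exactly in the allow-list. Everything
    else, including protocol-relative URLs, user-info tricks and
    backslashes, is rejected.
    """
    if not url or any(ord(c) < 0x20 for c in url) or "\\" in url:
        return False
    # Same-site relative path: "/path" is fine, "//host/path" is not.
    if url.startswith("/"):
        return not url.startswith("//")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    # "user@host" forms are rejected outright rather than trying to
    # interpret them; legitimate redirect targets do not carry credentials.
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname  # lower-cased, port stripped
    return host is not None and host in allowed


def compare(url: str) -> tuple:
    """Return (weak_result, strict_result) for one candidate redirect target."""
    return substring_allowlist(url), host_allowlist(url)


if __name__ == "__main__":
    # Constructed sample destinations; the last three are benign-looking
    # strings that still name a foreign host once parsed.
    for candidate in (
        "https://example.com/page",
        "/wp-admin/",
        "https://other.test/?next=example.com",
        "https://example.com@other.test/",
        "//other.test/",
    ):
        weak, strict = compare(candidate)
        print(f"{candidate!r:45} substring={weak!s:5} host={strict}")
```

The two checks agree on ordinary same-site targets and disagree exactly where it matters: the substring check is satisfied by any URL that happens to mention an allowed host, while the host-based check only passes when the parsed host is the allowed host. A fix for the class of bug described above is to move from the first kind of check to the second.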
| CVSS Version | Type | Source | Base Score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| 3.1 | Primary | NVD | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |