S4E

CVE-2021-25111 Scanner

Detects an 'Open Redirect' vulnerability in English WordPress Admin, affecting versions before 1.5.2.


Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: URL
Toolbox: -

English WordPress Admin is a plugin used by WordPress users who wish to manage their website in English. It is free and can be downloaded and installed directly from the WordPress plugin repository. Once installed, it lets users change their WordPress admin language to English, so they can manage their site's content, updates, and customization in English. With over 1 million active installations and regular updates, this plugin is a popular choice for WordPress users worldwide.

Recently, security researchers at the security company s4e.io identified a vulnerability in the English WordPress Admin plugin, tracked as CVE-2021-25111. The vulnerability arises because the plugin does not validate the admin_custom_language_return_url value before using it to redirect the user. As a result, attackers can lure unsuspecting users into clicking a maliciously crafted link that leads them to a phishing website. This allows cybercriminals to carry out a range of malicious activities, including stealing login credentials, distributing malware, or engaging in other forms of cyber fraud.
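A defender's log check for the redirect parameter described above, added here as an example (not code from the plugin or from S4E): it flags requests whose admin_custom_language_return_url value points off-site. It assumes the value arrives as a query-string parameter; the hostname blog.example.com and the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

PARAM = "admin_custom_language_return_url"  # parameter named on this page
SITE_HOSTS = {"blog.example.com"}           # assumption: the site's own hostnames

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jan/2022:10:01:02 +0000] "GET /wp-admin/?admin_custom_language_return_url=%2Fwp-admin%2Fedit.php HTTP/1.1" 302 0
203.0.113.9 - - [12/Jan/2022:10:03:44 +0000] "GET /?admin_custom_language_return_url=https%3A%2F%2Flogin.phish.example%2F HTTP/1.1" 302 0
198.51.100.4 - - [12/Jan/2022:10:05:10 +0000] "GET /?admin_custom_language_return_url=%2F%2Fphish.example%2Fwp-login.php HTTP/1.1" 302 0
198.51.100.4 - - [12/Jan/2022:10:06:31 +0000] "GET /?admin_custom_language_return_url=https%3A%2F%2Fblog.example.com%2Fwp-admin%2F HTTP/1.1" 302 0
198.51.100.8 - - [12/Jan/2022:10:07:00 +0000] "GET /wp-login.php HTTP/1.1" 200 5120
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def is_offsite(target):
    """Return True when a redirect target would take the browser off the site."""
    # Browsers treat backslashes like slashes, so normalise before parsing.
    cleaned = target.strip().replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return True  # unparseable targets are treated as suspicious
    if not parts.scheme and not parts.netloc:
        return False  # plain relative path stays on the site
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return True  # javascript:, data: and similar schemes
    return (parts.hostname or "").lower() not in SITE_HOSTS

def find_offsite_redirects(log_text):
    """Return (client, status, target) for each request with an off-site return URL."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, uri, status = m.groups()
        query = parse_qs(urlsplit(uri).query)  # parse_qs percent-decodes values
        for target in query.get(PARAM, []):
            if is_offsite(target):
                hits.append((client, status, target))
    return hits

if __name__ == "__main__":
    for hit in find_offsite_redirects(SAMPLE_LOG):
        print(hit)
```

The same `is_offsite` test is the validation the redirect itself lacks: a return URL that fails it should be replaced with a fixed on-site path rather than followed.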

An unpatched CVE-2021-25111 vulnerability can lead to serious consequences for the victim. If an attacker successfully exploits this vulnerability, it could result in the theft of sensitive data, including personal user information or financial data. Apart from identity theft or fraud, cybercriminals can also use the vulnerability to inject malicious code into a WordPress site, posing a significant threat to website owners. Since WordPress is one of the most popular Content Management Systems, such vulnerabilities can have far-reaching consequences across the internet.

With the recent surge in cyber threats and attacks, it has become essential to keep your digital assets, including websites and digital applications, secure. s4e.io provides users with comprehensive vulnerability scanning services, which are designed to help users identify potential vulnerabilities and threats in their digital assets. Using advanced technology and expertise, our platform can quickly and easily detect and address any vulnerabilities in your website or application, ensuring that it remains secure and protected against cyber threats. By subscribing to our services, you can rest assured that your digital assets are secure and protected from cybersecurity threats.

 
