Vulnerability in WordPress Toolbar

CVE-2023-6389

The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them…

EPSS: 0.587 (98.2nd percentile)

Affected products

  • Unknown Wordpress Toolbar — versions 0

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2023-6389?
CVE-2023-6389 is a vulnerability in WordPress Toolbar, classified under CWE-601: URL Redirection to Untrusted Site ('Open Redirect'). Published 2024-01-29.
Is CVE-2023-6389 known to be exploited?
1 public proof-of-concept repository is indexed. It is not currently listed in the CISA KEV catalog.