CVE-2021-24838— AnyComment < 0.3.5 - Open Redirect

EPSS 2.34% · P85 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-24838

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

AnyComment < 0.3.5 - Open Redirect

Source: NVD (National Vulnerability Database)

Vulnerability Description

The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

指向未可信站点的URL重定向(开放重定向)

Source: NVD (National Vulnerability Database)

Vulnerability Title

WordPress plugin AnyComment 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin AnyComment 0.3.5 之前版本存在输入验证错误漏洞，该漏洞源于 AnyComment 有一个 API 端口，它通过 redirect 参数将用户输入在不经过验证的情况下传递给 wp_redirect 函数从而导致了

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Unknown	AnyComment	0.3.5 ~ 0.3.5	-

II. Public POCs for CVE-2021-24838

#	POC Description	Source Link	Shenlong Link
1	WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-24838.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-24838

请登录查看更多情报信息。

Same Patch Batch · Unknown · 2022-01-17 · 11 CVEs total

CVE-2021-25067		Landing Page Builder < 1.4.9.6 - Authenticated Reflected Cross-Site Scripting (XSS)
CVE-2021-25065		Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (XSS
CVE-2021-25061		WP Booking System – Booking Calendar < 2.0.15 - Authenticated Reflected Cross-Site Scripti
CVE-2021-25046		Modern Events Calendar Lite < 6.2.0 - Subscriber+ Category Add Leading to Stored XSS
CVE-2021-25037		All In One SEO < 4.1.5.3 - Authenticated SQL Injection
CVE-2021-25036		All In One SEO < 4.1.5.3 - Authenticated Privilege Escalation
CVE-2021-25024		Event Calendar < 1.1.51 - Reflected Cross-Site Scripting
CVE-2021-25005		SEUR Oficial < 1.7.0 - Admin+ Stored Cross-Site Scripting
CVE-2021-24909		ACF Photo Gallery Field < 1.7.5 - Reflected Cross-Site Scripting
CVE-2021-25025		Event Calendar < 1.1.51 - Subscriber+ Event Creation

IV. Related Vulnerabilities

Same product: AnyComment

Same vendor: Unknown

Same weakness: CWE-601

V. Comments for CVE-2021-24838

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-24838— AnyComment < 0.3.5 - Open Redirect

I. Basic Information for CVE-2021-24838

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-24838

III. Intelligence Information for CVE-2021-24838

Same Patch Batch · Unknown · 2022-01-17 · 11 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-24838

Leave a comment