CVE-2021-38343: 
WordPress vulnerability analysis and mitigation

The Nested Pages WordPress plugin version 3.1.15 and earlier was identified with a security vulnerability tracked as CVE-2021-38343. The vulnerability was discovered and reported by Wordfence in August 2021. This security issue affects the WordPress plugin's admin post actions functionality (NVD, CVE).

The vulnerability is classified as an Open Redirect vulnerability (CWE-601) that exists in the page POST parameter within multiple admin_post actions including npBulkActions, npBulkEdit, npListingSort, and npCategoryFilter. The severity of this vulnerability has been assessed with different CVSS scores: NVD assigned a CVSS v3.1 Base Score of 6.1 (Medium) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Wordfence assessed it at 4.7 (Medium) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N (NVD).

The Open Redirect vulnerability could allow attackers to redirect users to untrusted sites. This type of vulnerability can be exploited for phishing attacks by redirecting users to malicious websites, potentially leading to the compromise of user credentials or the installation of malware (NVD).

Users of the Nested Pages WordPress plugin should upgrade to a version newer than 3.1.15 to address this vulnerability (NVD).