Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-47646

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-05 Oct, 2024 | 12:53
Updated At-07 Oct, 2024 | 14:13
Rejected At-
Credits

WordPress Payflex Payment Gateway plugin <= 2.6.1 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payflex Payflex Payment Gateway.This issue affects Payflex Payment Gateway: from n/a through 2.6.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:05 Oct, 2024 | 12:53
Updated At:07 Oct, 2024 | 14:13
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Payflex Payment Gateway plugin <= 2.6.1 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payflex Payflex Payment Gateway.This issue affects Payflex Payment Gateway: from n/a through 2.6.1.

Affected Products
Vendor
Payflex
Product
Payflex Payment Gateway
Collection URL
https://wordpress.org/plugins
Package Name
payflex-payment-gateway
Default Status
unaffected
Versions
Affected
  • From n/a through 2.6.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-601CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Type: CWE
CWE ID: CWE-601
Description: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Metrics
VersionBase scoreBase severityVector
3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Muhamad Agil Fachrian (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/payflex-payment-gateway/wordpress-payflex-payment-gateway-plugin-2-6-1-open-redirection-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/payflex-payment-gateway/wordpress-payflex-payment-gateway-plugin-2-6-1-open-redirection-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:05 Oct, 2024 | 13:15
Updated At:07 Oct, 2024 | 17:47

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payflex Payflex Payment Gateway.This issue affects Payflex Payment Gateway: from n/a through 2.6.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-601Primaryaudit@patchstack.com
CWE ID: CWE-601
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/payflex-payment-gateway/wordpress-payflex-payment-gateway-plugin-2-6-1-open-redirection-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/payflex-payment-gateway/wordpress-payflex-payment-gateway-plugin-2-6-1-open-redirection-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

72Records found
CVE-2025-30781
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 14.81%
||
7 Day CHG-0.00%
Published-27 Mar, 2025 | 10:54
Updated-27 Mar, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Scheduled & Automatic Order Status Controller for WooCommerce <= 3.7.1 - Open Redirection Vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPFactory Scheduled &amp; Automatic Order Status Controller for WooCommerce allows Phishing. This issue affects Scheduled &amp; Automatic Order Status Controller for WooCommerce: from n/a through 3.7.1.

Action-Not Available
Vendor-WPFactory
Product-Scheduled &amp; Automatic Order Status Controller for WooCommerce
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-28215
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.7||MEDIUM
EPSS-0.32% / 54.23%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 16:11
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.

Action-Not Available
Vendor-SAP SE
Product-netweaver_abapSAP NetWeaver ABAP Server and ABAP Platform
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-30885
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.02% / 4.74%
||
7 Day CHG-0.03%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bit Form plugin <= 2.18.0 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Form – Contact Form Plugin allows Phishing. This issue affects Bit Form – Contact Form Plugin: from n/a through 2.18.0.

Action-Not Available
Vendor-Bit Apps
Product-Bit Form – Contact Form Plugin
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-30859
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.02% / 4.74%
||
7 Day CHG-0.03%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AliNext plugin <= 3.5.1 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ali2woo AliNext allows Phishing. This issue affects AliNext: from n/a through 3.5.1.

Action-Not Available
Vendor-ali2woo
Product-AliNext
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-30795
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.02% / 4.74%
||
7 Day CHG-0.03%
Published-27 Mar, 2025 | 10:54
Updated-27 Mar, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Automation By Autonami plugin <= 3.5.1 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FunnelKit Automation By Autonami allows Phishing. This issue affects Automation By Autonami: from n/a through 3.5.1.

Action-Not Available
Vendor-FunnelKit
Product-Automation By Autonami
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-30953
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 10.17%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Gravity Forms Salesforce <= 1.4.7 - Open Redirection Vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Salesforce allows Phishing. This issue affects WP Gravity Forms Salesforce: from n/a through 1.4.7.

Action-Not Available
Vendor-CRM Perks
Product-WP Gravity Forms Salesforce
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-28896
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 12.36%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AS English Admin plugin <= 1.0.0 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin allows Phishing. This issue affects AS English Admin: from n/a through 1.0.0.

Action-Not Available
Vendor-Akshar Soft Solutions
Product-AS English Admin
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-27861
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.08% / 24.66%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 09:19
Updated-25 Sep, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ninja Popups Plugin <= 4.7.5 is vulnerable to Open Redirection

Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <= 4.7.5 versions.

Action-Not Available
Vendor-arscodeArscode
Product-ninja_popupsNinja Popups
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-24740
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 13.77%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 14:22
Updated-12 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.7.1.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-LearnPress
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-24741
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 13.77%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 14:22
Updated-12 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress KB Support plugin <= 1.6.7 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7.

Action-Not Available
Vendor-logonKB Support
Product-kb_supportKB Support
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-23618
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.28% / 51.04%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 21:05
Updated-23 Apr, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection against URL redirection to untrusted sites, in particular some well known parameters (xredirect) can be used to perform url redirections. This problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1. Users are advised to update. There are no known workarounds for this issue.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-45105
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 30.66%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 19:48
Updated-02 Aug, 2024 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.3.9 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9.

Action-Not Available
Vendor-servitSERVIT Software Solutions
Product-affiliate-toolkitaffiliate-toolkit – WordPress Affiliate Plugin
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-15242
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.21% / 43.69%
||
7 Day CHG~0.00%
Published-08 Oct, 2020 | 19:50
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in Next.js

Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attackers domain from a trusted domain. The issue is fixed in version 9.5.4.

Action-Not Available
Vendor-vercelvercel
Product-next.jsnext.js
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-40602
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 30.66%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 19:54
Updated-02 Aug, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Doofinder for WooCommerce Plugin <= 1.5.49 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49.

Action-Not Available
Vendor-doofinderDoofinder
Product-doofinderDoofinder WP & WooCommerce Search
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-9266
Matching Score-4
Assigner-HeroDevs
ShareView Details
Matching Score-4
Assigner-HeroDevs
CVSS Score-4.7||MEDIUM
EPSS-0.03% / 5.69%
||
7 Day CHG~0.00%
Published-03 Oct, 2024 | 18:56
Updated-04 Oct, 2024 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.

Action-Not Available
Vendor-Express (OpenJS Foundation)
Product-expressexpress
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-32517
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.20% / 42.54%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 10:05
Updated-02 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.3 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3.

Action-Not Available
Vendor-ibericodePluginOps
Product-mailchimpMailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-37982
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 30.66%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 20:07
Updated-02 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integration for Contact Form 7 and Salesforce Plugin <= 1.3.3 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3.

Action-Not Available
Vendor-crmperksCRM Perks
Product-integration_for_salesforce_and_contact_form_7\,_wpforms\,_elementor\,_ninja_formsIntegration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-31237
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.20% / 42.54%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 09:56
Updated-09 Sep, 2024 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zephyr Project Manager Plugin <= 3.3.9 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.9.

Action-Not Available
Vendor-zephyr_project_manager_projectDylan James
Product-zephyr_project_managerZephyr Project Manager
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-31229
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.20% / 42.54%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 09:53
Updated-02 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Directory Kit Plugin <= 1.1.9 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit.This issue affects WP Directory Kit: from n/a through 1.1.9.

Action-Not Available
Vendor-wpdirectorykitWP Directory Kit
Product-wp_directory_kitWP Directory Kit
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-34020
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-4.69% / 88.92%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 13:24
Updated-13 May, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.

Action-Not Available
Vendor-Uncanny Owl Inc.
Product-uncanny_toolkit_for_learndashUncanny Toolkit for LearnDash
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-49682
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.07% / 22.51%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 11:36
Updated-31 Mar, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Membership plugin <= 4.5.3 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership allows Phishing.This issue affects Simple Membership: from n/a through 4.5.3.

Action-Not Available
Vendor-simple-membership-pluginsmp7, wp.insider
Product-simple_membershipSimple Membership
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-24808
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.7||MEDIUM
EPSS-1.39% / 79.61%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 03:17
Updated-09 May, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pyLoad open redirect vulnerability due to improper validation of the is_safe_url function

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.

Action-Not Available
Vendor-pyloadpyload
Product-pyloadpyload
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
  • Previous
  • 1
  • 2
  • Next
Details not found