Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-69725

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 Feb, 2026 | 00:00
Updated At-23 Feb, 2026 | 13:58
Rejected At-
Credits

An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 Feb, 2026 | 00:00
Updated At:23 Feb, 2026 | 13:58
Rejected At:
▼CVE Numbering Authority (CNA)

An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.14.7MEDIUM
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:C/UI:R
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:C/UI:R
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://go-chichi.com
N/A
https://github.com/go-chi/chi/security/advisories/GHSA-mqqf-5wvp-8fh8
N/A
Hyperlink: http://go-chichi.com
Resource: N/A
Hyperlink: https://github.com/go-chi/chi/security/advisories/GHSA-mqqf-5wvp-8fh8
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-601CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Type: CWE
CWE ID: CWE-601
Description: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:19 Feb, 2026 | 17:24
Updated At:23 Feb, 2026 | 14:16

An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-601Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-601
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://go-chichi.comcve@mitre.org
N/A
https://github.com/go-chi/chi/security/advisories/GHSA-mqqf-5wvp-8fh8cve@mitre.org
N/A
Hyperlink: http://go-chichi.com
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/go-chi/chi/security/advisories/GHSA-mqqf-5wvp-8fh8
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

81Records found
CVE-2025-30954
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Gravity Forms Constant Contact Plugin <= 1.1.0 - Open Redirection Vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin allows Phishing. This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through 1.1.0.

Action-Not Available
Vendor-CRM Perks
Product-WP Gravity Forms Constant Contact Plugin
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-48325
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.24% / 46.75%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 11:32
Updated-20 Nov, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Landing Page Builder Plugin <= 1.5.1.5 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages.This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5.

Action-Not Available
Vendor-pluginopsPluginOps
Product-landing_page_builderLanding Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-28896
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.09% / 24.93%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:00
Updated-12 Mar, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AS English Admin plugin <= 1.0.0 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin allows Phishing. This issue affects AS English Admin: from n/a through 1.0.0.

Action-Not Available
Vendor-Akshar Soft Solutions
Product-AS English Admin
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-47779
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.24% / 46.75%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 12:11
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integration for Contact Form 7 and Constant Contact Plugin <= 1.1.4 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4.

Action-Not Available
Vendor-crmperksCRM Perks
Product-integration_for_constant_contact_and_contact_form_7\,_wpforms\,_elementor\,_ninjaIntegration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-46750
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-4.7||MEDIUM
EPSS-0.20% / 42.18%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 08:15
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro.

URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

Action-Not Available
Vendor-The Apache Software Foundation
Product-shiroApache Shiro
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-45762
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.34% / 56.27%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 12:17
Updated-02 Aug, 2024 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Responsive Column Widgets Plugin <= 1.2.7 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets.This issue affects Responsive Column Widgets: from n/a through 1.2.7.

Action-Not Available
Vendor-michaelunoMichael Uno (miunosoft)
Product-responsive_column_widgetsResponsive Column Widgets
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-24741
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.09% / 24.93%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 14:22
Updated-12 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress KB Support plugin <= 1.6.7 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7.

Action-Not Available
Vendor-logonKB Support
Product-kb_supportKB Support
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-9266
Matching Score-4
Assigner-HeroDevs
ShareView Details
Matching Score-4
Assigner-HeroDevs
CVSS Score-4.7||MEDIUM
EPSS-0.10% / 26.88%
||
7 Day CHG-0.03%
Published-03 Oct, 2024 | 18:56
Updated-04 Oct, 2024 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.

Action-Not Available
Vendor-Express (OpenJS Foundation)
Product-expressexpress
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-7211
Matching Score-4
Assigner-1E Limited
ShareView Details
Matching Score-4
Assigner-1E Limited
CVSS Score-4.7||MEDIUM
EPSS-0.10% / 28.48%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 16:49
Updated-18 Jun, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.

Action-Not Available
Vendor-1E Ltd
Product-platform1E Platform
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-54255
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.57% / 68.48%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:32
Updated-09 Dec, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Login Widget With Shortcode plugin <= 6.1.2 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in aviplugins.com Login Widget With Shortcode allows Phishing.This issue affects Login Widget With Shortcode: from n/a through 6.1.2.

Action-Not Available
Vendor-aviplugins.com
Product-Login Widget With Shortcode
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-41648
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 30.07%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 19:51
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Login and Logout Redirect Plugin <= 2.0.3 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Swapnil V. Patil Login and Logout Redirect.This issue affects Login and Logout Redirect: from n/a through 2.0.3.

Action-Not Available
Vendor-swapnilpatilSwapnil V. Patil
Product-login_and_logout_redirectLogin and Logout Redirect
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-50463
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.13% / 32.73%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 12:33
Updated-29 Oct, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sunshine Photo Cart plugin <= 3.2.9 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.2.9.

Action-Not Available
Vendor-sunshinephotocartWP Sunshine
Product-sunshine_photo_cartSunshine Photo Cart
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-12569
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 11.28%
||
7 Day CHG~0.00%
Published-24 Nov, 2025 | 06:00
Updated-25 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Front User Submit < 5.0.0 - Open Redirect

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue

Action-Not Available
Vendor-Unknown
Product-Guest posting / Frontend Posting / Front Editor
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-49682
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.20% / 42.29%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 11:36
Updated-31 Mar, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Membership plugin <= 4.5.3 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership allows Phishing.This issue affects Simple Membership: from n/a through 4.5.3.

Action-Not Available
Vendor-simple-membership-pluginsmp7, wp.insider
Product-simple_membershipSimple Membership
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-24740
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.09% / 24.93%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 14:22
Updated-12 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.7.1.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-LearnPress
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-32101
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.21% / 43.71%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 10:01
Updated-20 Nov, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Library Viewer Plugin <= 2.0.6 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pexle Chris Library Viewer.This issue affects Library Viewer: from n/a through 2.0.6.

Action-Not Available
Vendor-pexlechrisPexle Chris
Product-library_viewerLibrary Viewer
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-32517
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.20% / 42.29%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 10:05
Updated-02 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.3 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3.

Action-Not Available
Vendor-ibericodePluginOps
Product-mailchimpMailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-31237
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.20% / 42.29%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 09:56
Updated-09 Sep, 2024 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zephyr Project Manager Plugin <= 3.3.9 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.9.

Action-Not Available
Vendor-zephyr_project_manager_projectDylan James
Product-zephyr_project_managerZephyr Project Manager
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-31229
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.20% / 42.29%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 09:53
Updated-02 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Directory Kit Plugin <= 1.1.9 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit.This issue affects WP Directory Kit: from n/a through 1.1.9.

Action-Not Available
Vendor-wpdirectorykitWP Directory Kit
Product-wp_directory_kitWP Directory Kit
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-29204
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.7||MEDIUM
EPSS-9.73% / 92.84%
||
7 Day CHG-0.10%
Published-15 Apr, 2023 | 15:24
Updated-06 Feb, 2025 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
URL Redirection to Untrusted Site ('Open Redirect') in org.xwiki.platform:xwiki-platform-oldcore

XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-51675
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.19% / 40.74%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 13:57
Updated-09 Sep, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Access Manager Plugin <= 6.9.18 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18.

Action-Not Available
Vendor-vasyltechAAM
Product-advanced_access_managerAdvanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-47548
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.21% / 43.71%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 12:15
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integrate Google Drive Plugin <= 1.3.2 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site.This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2.

Action-Not Available
Vendor-softlabbdSoftLab
Product-integrate_google_driveIntegrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-46624
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 30.07%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 21:38
Updated-20 Nov, 2024 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Parcel Pro Plugin <= 1.6.11 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Parcel Pro.This issue affects Parcel Pro: from n/a through 1.6.11.

Action-Not Available
Vendor-parcelproParcel Pro
Product-parcel_proParcel Pro
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-45105
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 30.07%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 19:48
Updated-02 Aug, 2024 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.3.9 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9.

Action-Not Available
Vendor-servitSERVIT Software Solutions
Product-affiliate-toolkitaffiliate-toolkit – WordPress Affiliate Plugin
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-40602
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 30.07%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 19:54
Updated-02 Aug, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Doofinder for WooCommerce Plugin <= 1.5.49 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49.

Action-Not Available
Vendor-doofinderDoofinder
Product-doofinderDoofinder WP & WooCommerce Search
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-38481
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 30.07%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 20:00
Updated-02 Aug, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integration for WooCommerce and Zoho CRM Plugin < 1.3.7 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7.

Action-Not Available
Vendor-crmperksCRM Perks
Product-integration_for_woocommerce_and_zoho_crm\,_books\,_invoice\,_inventory\,_biginIntegration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-38478
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 30.07%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 20:03
Updated-02 Aug, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integration for WooCommerce and QuickBooks Plugin <= 1.2.3 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3.

Action-Not Available
Vendor-crmperksCRM Perks
Product-integration_for_woocommerce_and_quickbooksIntegration for WooCommerce and QuickBooks
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-35883
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 30.07%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 20:11
Updated-02 Aug, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Core Web Vitals & PageSpeed Booster Plugin <= 1.0.12 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12.

Action-Not Available
Vendor-Mohammed & Ahmed Kaludi (Magazine3)
Product-core_web_vitals_\&_pagespeed_boosterCore Web Vitals & PageSpeed Booster
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-34020
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-4.51% / 88.98%
||
7 Day CHG+0.50%
Published-27 Mar, 2024 | 13:24
Updated-13 May, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.

Action-Not Available
Vendor-Uncanny Owl Inc.
Product-uncanny_toolkit_for_learndashUncanny Toolkit for LearnDash
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-31871
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.17% / 38.62%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:52
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Clone any post type Plugin <= 3.4 - Open Redirect vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Galaxy Weblinks WP Clone any post type allows Phishing. This issue affects WP Clone any post type: from n/a through 3.4.

Action-Not Available
Vendor-Galaxy Weblinks
Product-WP Clone any post type
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-37982
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 30.07%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 20:07
Updated-02 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integration for Contact Form 7 and Salesforce Plugin <= 1.3.3 is vulnerable to Open Redirection

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3.

Action-Not Available
Vendor-crmperksCRM Perks
Product-integration_for_salesforce_and_contact_form_7\,_wpforms\,_elementor\,_ninja_formsIntegration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
  • Previous
  • 1
  • 2
  • Next
Details not found