CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
BaseDraftLikelihood: Low
Description
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-178
CVEs mapped to this weakness (427)
page 15 of 22| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-4296 | Med | 0.31 | 4.7 | 0.00 | Jul 23, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HotelRunner B2B allows Forceful Browsing.This issue affects B2B: before 04.06.2025. | |
| CVE-2025-49868 | Med | 0.31 | 4.7 | 0.00 | Jun 17, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Aman FunnelKit Automations wp-marketing-automations allows Phishing.This issue affects FunnelKit Automations: from n/a through <= 3.6.0. | |
| CVE-2025-49325 | Med | 0.31 | 4.7 | 0.00 | Jun 6, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Automattic Newspack Newsletters newspack-newsletters allows Phishing.This issue affects Newspack Newsletters: from n/a through <= 3.13.0. | |
| CVE-2025-30954 | Med | 0.31 | 4.7 | 0.00 | Jun 6, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Phishing.This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through <= 1.1.0. | |
| CVE-2025-30953 | Med | 0.31 | 4.7 | 0.00 | Jun 6, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Phishing.This issue affects WP Gravity Forms Salesforce: from n/a through <= 1.4.7. | |
| CVE-2025-47644 | Med | 0.31 | 4.7 | 0.00 | May 7, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in formsintegrations Integrations of Zoho CRM with Elementor form integrations-of-zoho-crm-with-elementor-form allows Phishing.This issue affects Integrations of Zoho CRM with Elementor form: from n/a through <= 1.0.8. | |
| CVE-2025-47456 | Med | 0.31 | 4.7 | 0.00 | May 7, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Zendesk gf-zendesk allows Phishing.This issue affects WP Gravity Forms Zendesk: from n/a through <= 1.1.2. | |
| CVE-2025-47455 | Med | 0.31 | 4.7 | 0.00 | May 7, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Salesforce woo-salesforce-plugin-crm-perks allows Phishing.This issue affects Integration for WooCommerce and Salesforce: from n/a through <= 1.7.5. | |
| CVE-2025-47454 | Med | 0.31 | 4.7 | 0.00 | May 7, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Dynamics CRM gf-dynamics-crm allows Phishing.This issue affects WP Gravity Forms Dynamics CRM: from n/a through <= 1.1.4. | |
| CVE-2025-39404 | Med | 0.31 | 4.7 | 0.00 | Apr 24, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Heateor Support Sassy Social Share sassy-social-share allows Phishing.This issue affects Sassy Social Share: from n/a through <= 3.3.73. | |
| CVE-2025-39599 | Med | 0.31 | 4.7 | 0.00 | Apr 16, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Webilia Inc. Listdom listdom allows Phishing.This issue affects Listdom: from n/a through <= 4.0.0. | |
| CVE-2025-39597 | Med | 0.31 | 4.7 | 0.00 | Apr 16, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Arthur Yarwood Fast eBay Listings fast-ebay-listings allows Phishing.This issue affects Fast eBay Listings: from n/a through <= 2.12.15. | |
| CVE-2025-32694 | Med | 0.31 | 4.7 | 0.00 | Apr 9, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Phishing.This issue affects Ultimate WP Mail: from n/a through <= 1.3.10. | |
| CVE-2025-32693 | Med | 0.31 | 4.7 | 0.00 | Apr 9, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Phishing.This issue affects WebinarPress: from n/a through <= 1.33.28. | |
| CVE-2025-31871 | Med | 0.31 | 4.7 | 0.00 | Apr 1, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Galaxy Weblinks WP Clone any post type wp-clone-any-post-type allows Phishing.This issue affects WP Clone any post type: from n/a through <= 3.6. | |
| CVE-2025-31821 | Med | 0.31 | 4.7 | 0.01 | Apr 1, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in formsintegrations Integration of Zoho CRM and Contact Form 7 allows Phishing. This issue affects Integration of Zoho CRM and Contact Form 7: from n/a through 1.0.6. | |
| CVE-2025-30885 | Med | 0.31 | 4.7 | 0.00 | Mar 27, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Form bit-form allows Phishing.This issue affects Bit Form: from n/a through <= 2.18.0. | |
| CVE-2025-30884 | Med | 0.31 | 4.7 | 0.00 | Mar 27, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Integrations bit-integrations allows Phishing.This issue affects Bit Integrations: from n/a through <= 2.4.10. | |
| CVE-2025-30859 | Med | 0.31 | 4.7 | 0.01 | Mar 27, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in guru-aliexpress AliNext ali2woo-lite allows Phishing.This issue affects AliNext: from n/a through <= 3.5.1. | |
| CVE-2025-30795 | Med | 0.31 | 4.7 | 0.00 | Mar 27, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Aman FunnelKit Automations wp-marketing-automations allows Phishing.This issue affects FunnelKit Automations: from n/a through <= 3.5.1. |