CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Base | Draft | Likelihood: Low
Description
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-178
CVEs mapped to this weakness (427)
Page 16 of 22

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-30781 | Med | 0.31 | 4.7 | 0.01 | | Mar 27, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPFactory Scheduled & Automatic Order Status Controller for WooCommerce order-status-rules-for-woocommerce allows Phishing. This issue affects Scheduled & Automatic Order Status Controller for WooCommerce: from n/a through <= 3.7.1. |
| CVE-2025-28896 | Med | 0.31 | 4.7 | 0.00 | | Mar 11, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin as-english-admin allows Phishing. This issue affects AS English Admin: from n/a through <= 1.0.0. |
| CVE-2025-24741 | Med | 0.31 | 4.7 | 0.00 | | Jan 27, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in LOGON KB Support kb-support. This issue affects KB Support: from n/a through <= 1.6.7. |
| CVE-2025-24740 | Med | 0.31 | 4.7 | 0.00 | | Jan 27, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress learnpress. This issue affects LearnPress: from n/a through <= 4.2.7.1. |
| CVE-2024-54255 | Med | 0.31 | 4.7 | 0.01 | | Dec 9, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in aviplugins.com Login Widget With Shortcode login-sidebar-widget allows Phishing. This issue affects Login Widget With Shortcode: from n/a through <= 6.1.2. |
| CVE-2024-50463 | Med | 0.31 | 4.7 | 0.00 | | Oct 28, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart. This issue affects Sunshine Photo Cart: from n/a through <= 3.2.9. |
| CVE-2024-49682 | Med | 0.31 | 4.7 | 0.00 | | Oct 24, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Phishing. This issue affects Simple Membership: from n/a through <= 4.5.3. |
| CVE-2024-47353 | Med | 0.31 | 4.7 | 0.00 | | Oct 11, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite. This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2. |
| CVE-2024-47648 | Med | 0.31 | 4.7 | 0.00 | | Oct 10, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Metagauss EventPrime eventprime-event-calendar-management. This issue affects EventPrime: from n/a through <= 4.0.4.5. |
| CVE-2024-47354 | Med | 0.31 | 4.7 | 0.00 | | Oct 10, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership After Login Redirection simple-membership-after-login-redirection. This issue affects Simple Membership After Login Redirection: from n/a through <= 1.6. |
| CVE-2024-46886 | Med | 0.31 | 4.7 | 0.00 | | Oct 8, 2024 | The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. |
| CVE-2024-47646 | Med | 0.31 | 4.7 | 0.00 | | Oct 5, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in tomlister Payflex Payment Gateway payflex-payment-gateway. This issue affects Payflex Payment Gateway: from n/a through <= 2.6.1. |
| CVE-2024-9266 | Med | 0.31 | 4.7 | 0.00 | | Oct 3, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0. |
| CVE-2024-7428 | Med | 0.31 | — | 0.00 | | Aug 23, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in OpenText™ Network Node Manager i (NNMi) allows URL Redirector Abuse. This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2. |
| CVE-2024-43236 | Med | 0.31 | 4.7 | 0.00 | | Aug 19, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Easy PayPal Buy Now Button. This issue affects Easy PayPal Buy Now Button: from n/a through 1.9. |
| CVE-2024-33930 | Med | 0.31 | 4.7 | 0.00 | | May 2, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ILLID Share This Image. This issue affects Share This Image: from n/a through 1.97. |
| CVE-2024-25676 | Med | 0.31 | 4.7 | 0.00 | | May 1, 2024 | An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading. |
| CVE-2024-33584 | Med | 0.31 | 4.7 | 0.00 | | Apr 29, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Deepen Bajracharya Video Conferencing with Zoom. This issue affects Video Conferencing with Zoom: from n/a through 4.4.4. |
| CVE-2024-32129 | Med | 0.31 | 4.7 | 0.00 | | Apr 15, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Freshworks Freshdesk (official). This issue affects Freshdesk (official): from n/a through 2.3.6. |
| CVE-2024-31282 | Med | 0.31 | 4.7 | 0.00 | | Apr 10, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder. This issue affects App Builder: from n/a through 3.8.7. |