H3-2025-0023
WordPress Newsletter Manager < 1.5 - Unauthenticated Open Redirect
| Category | SECURITY_MISCONFIGURATION |
| Base Score | 6.1 |
Description
The plugin passes a request parameter to the PHP header() function without validating it, so the parameter can be used to redirect users to a malicious site.
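The validation this pattern lacks, shown as an added example that is not the plugin's own code: the parameter name `redirect_to`, the helper `safe_redirect_target()` and the allowlisted hosts are assumptions. Inside WordPress, `wp_safe_redirect()` provides a comparable built-in check.

```php
<?php
// Added example. "redirect_to" and the host allowlist are assumed names/values.

/** Return $target only if it stays on an allowlisted host; else $fallback. */
function safe_redirect_target(string $target, array $allowedHosts, string $fallback = '/'): string
{
    // Control characters enable header injection; browsers may read "\" as "/".
    if ($target === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $target)) {
        return $fallback;
    }
    // Same-site path: one leading "/". "//host" is protocol-relative (off-site).
    if ($target[0] === '/') {
        return (strlen($target) > 1 && $target[1] === '/') ? $fallback : $target;
    }
    // Anything else must be an absolute http(s) URL on an allowlisted host.
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback; // userinfo hides the real host: https://trusted@other/
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    return in_array(strtolower($parts['host']), $allowedHosts, true) ? $target : $fallback;
}

// Unvalidated pattern the advisory describes (shown only as a comment):
//   header('Location: ' . $_GET['redirect_to']);
// Validated form:
//   header('Location: ' . safe_redirect_target($_GET['redirect_to'] ?? '', $allowed));

$allowed = ['example.com', 'www.example.com'];   // constructed allowlist
$samples = [                                     // constructed inputs
    '/account/settings',
    'https://example.com/newsletter/confirm',
    'https://example.com.attacker.test/',
    '//attacker.test/login',
    '\\\\attacker.test/login',
    "https://example.com/\r\nSet-Cookie: x=1",
    'https://example.com@attacker.test/',
    'javascript:alert(1)',
];
foreach ($samples as $s) {
    printf("%-45s => %s\n", json_encode($s), safe_redirect_target($s, $allowed));
}
```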
Impact
Open redirects allow attackers to send victims to untrusted or malicious sites through your legitimate domain. This can facilitate phishing, malware distribution, or other social engineering attacks.