WordPress Plugin Vulnerabilities

KB Support < 1.6.8 - Unauthenticated Open Redirect

Description

The KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.6.7. This is due to insufficient validation on the redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Affects Plugins

Plugin icon
kb-support
Fixed in 1.6.8

References

CVE
CVE-2025-24741
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/fe679ff6-6ade-48fa-8699-6a96da49f8c8

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
ardias
Verified
No
WPVDB ID
0486bbc6-a0c5-414e-beb9-6f02d8e85cdc

Timeline

Publicly Published
2025-01-24 (about 1 year ago)
Added
2025-01-28 (about 1 year ago)
Last Updated
2025-01-28 (about 1 year ago)

Other

Published
Title
Published
2015-08-15
Title
Google Adsense & Hotel Booking <= 1.0.5 - Open Proxy
Published
2024-01-03
Title
WordPress Toolbar <= 2.2.6 - Open Redirect
Published
2022-01-17
Title
Noptin < 1.6.5 - Open Redirect
Published
2021-05-31
Title
The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
Published
2025-03-27
Title
Bit Form – Contact Form Plugin < 2.18.1 - Open Redirect