WordPress Plugin Vulnerabilities

Automation By Autonami < 3.5.2 - Open Redirect

Description

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.5.1. This is due to insufficient validation on a redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Affects Plugins

Plugin icon
wp-marketing-automations
Fixed in 3.5.2

References

CVE
CVE-2025-30795
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/ededbe81-6feb-4952-9dc2-12156444ff5c

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
7.2 (high)

Miscellaneous

Original Researcher
Le Ngoc Anh
Verified
No
WPVDB ID
6592f1cd-9197-4808-9a0b-a7a1c78a291e

Timeline

Publicly Published
2025-03-27 (about 1 year ago)
Added
2025-04-03 (about 1 year ago)
Last Updated
2025-04-03 (about 1 year ago)

Other

Published
Title
Published
2025-06-05
Title
WP Gravity Forms Salesforce < 1.4.8 - Open Redirect
Published
2025-07-30
Title
Connector for Gravity Forms and Google Sheets < 1.2.5 - Open Redirect
Published
2025-08-21
Title
Wp Edit Password Protected < 1.3.5 - Open Redirect
Published
2021-12-22
Title
Event Tickets < 5.2.2 - Open Redirect
Published
2025-11-29
Title
Flexmls® IDX < 3.15.8 - Unauthenticated Open Redirect