Simple Membership After Login Redirection < 1.7 – Open Redirect | CVE 2024-47354 | Plugin Vulnerabilities

Description

The Simple Membership After Login Redirection plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.6. This is due to insufficient validation on the redirect url supplied via the 'swpm_redirect_to' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Affects Plugins

simple-membership-after-login-redirection

Fixed in 1.7

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/9f959e61-16cf-4260-b21b-8edb95a3cd65

Classification

Type

REDIRECT

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

ardias

Verified

No

WPVDB ID

b330b742-47d4-4272-aa47-8ed8c6957716

Timeline

Publicly Published

2024-09-30 (about 1 year ago)

Added

2024-10-10 (about 1 year ago)

Last Updated

2024-10-10 (about 1 year ago)

Other

Published

Title

Published

2024-04-05

Title

App Builder < 3.8.8 - Open Redirection

Published

2025-05-07

Title

WP Gravity Forms Zendesk < 1.1.3 - Open Redirect

Published

2024-05-29

Title

WP Content Copy Protection & No Right Click (premium) < 15.3 - Open Redirect

Published

2023-02-06

Title

Pie Register < 3.8.2.3 - Open Redirect

Published

2024-04-05

Title

OAuth Server < 4.4.0 - Open Redirect