WordPress Plugin Vulnerabilities

Automation By Autonami < 3.6.1 - Open Redirect

Description

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.6.0. This is due to insufficient validation on a redirect url. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Affects Plugins

Plugin icon
wp-marketing-automations
Fixed in 3.6.1

References

CVE
CVE-2025-49868
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/979f52b8-0860-43d0-9675-6e9880f48e21

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
LVT-tholv2k
Verified
No
WPVDB ID
d74d16d1-0ac1-4425-8dba-9109cd8866c0

Timeline

Publicly Published
2025-06-12 (about 11 months ago)
Added
2025-06-18 (about 11 months ago)
Last Updated
2025-06-18 (about 11 months ago)

Other

Published
Title
Published
2022-01-17
Title
Noptin < 1.6.5 - Open Redirect
Published
2024-01-17
Title
Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect
Published
2025-09-26
Title
WP Gravity Forms HubSpot < 1.2.6 - Open Redirect
Published
2023-11-14
Title
Integration for Contact Form 7 and Constant Contact < 1.1.5 - Open Redirect
Published
2015-07-05
Title
StageShow <= 5.0.8 - Open Redirect