WordPress Plugin Vulnerabilities

Advanced Access Manager < 6.9.19 - Open Redirect

Description

The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect url supplied via params->redirect parameter. This makes it possible for authenticated attackers (author and higher) to redirect users to potentially malicious sites if they can successfully trick them into performing an action such as logging in.

Affects Plugins

Plugin icon
advanced-access-manager
Fixed in 6.9.19

References

CVE
CVE-2023-51675
URL
https://patchstack.com/database/vulnerability/advanced-access-manager/wordpress-advanced-access-manager-plugin-6-9-18-open-redirection-vulnerability

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
LVT-tholv2k
Verified
No
WPVDB ID
dd79d748-2dcb-41fa-acd1-327f57f13029

Timeline

Publicly Published
2023-12-27 (about 2 years ago)
Added
2024-01-04 (about 2 years ago)
Last Updated
2024-01-04 (about 2 years ago)

Other

Published
Title
Published
2023-10-27
Title
Seraphinite Accelerator < 2.2.29 - Authenticated Arbitrary Redirect
Published
2014-08-07
Title
Feed Statistics < 4.0 - Open Redirect
Published
2024-08-09
Title
Easy PayPal Buy Now Button < 1.9.1 - Unauthenticated Open Redirect
Published
2025-12-25
Title
Accept Donations with PayPal < 1.5.3 - Unauthenticated Open Redirect
Published
2025-04-16
Title
Listdom < 4.1.0 - Open Redirect