Open Redirect Vulnerability in WPMobile.App Plugin for WordPress
CVE-2024-13888

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: WPmobile.app
Vendor: CVE Published:; 20 February 2025

Summary

The WPMobile.App plugin for WordPress has a vulnerability that allows unauthenticated attackers to perform Open Redirect attacks. This flaw, present in all versions up to and including 11.56, arises from inadequate validation of the URL in the 'redirect' parameter. If an attacker successfully deceives a user into triggering this action, they could manipulate the redirect to direct users to malicious websites, posing significant security risks.

Affected Version(s)

WPMobile.App * <= 11.56

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/wpappninja/#developers

https://plugins.trac.wordpress.org/changeset/3243366

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 20, 2025
Vulnerability Reserved
Feb 18, 2025

Credit

Krzysztof Zając