Open Redirect Vulnerability in CM Registration Plugin for WordPress
CVE-2025-11167
4.7MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 11 October 2025
What is CVE-2025-11167?
The CM Registration plugin for WordPress, designed for efficient login and invitation-based registrations, exhibits an Open Redirect vulnerability in all versions up to and including 2.5.6. This flaw arises from inadequate validation of the redirect URL parameter, allowing unauthenticated attackers to exploit the vulnerability. By tricking users into performing specific actions, attackers could redirect them to harmful or malicious sites, potentially compromising user data and security.
Affected Version(s)
CM Registration – Tailored tool for seamless login and invitation-based registrations * <= 2.5.6