Stored XSS Vulnerability in Arefly Login Redirect Plugin for WordPress
CVE-2025-30575

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Login Redirect
Vendor: CVE Published:; 24 March 2025

What is CVE-2025-30575?

Arefly Login Redirect is affected by a Stored XSS vulnerability that allows attackers to insert malicious scripts during web page generation. Users of affected versions could unknowingly expose sensitive data or execute harmful actions without their consent. This vulnerability primarily impacts users of the Login Redirect plugin up to version 1.0.5, making it essential for site administrators to take appropriate measures to secure their installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

References

https://patchstack.com/database/wordpress/plugin/login-re...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 24, 2025
Vulnerability Reserved
Mar 24, 2025

Credit

Nabil Irawan (Patchstack Alliance)

JSON

WordPress