Open Redirect Vulnerability in AliNext Plugin by ali2woo
CVE-2025-30859

4.7MEDIUM

Key Information:

Vendor: WordPress
Status: Alinext
Vendor: CVE Published:; 27 March 2025

What is CVE-2025-30859?

The Open Redirect vulnerability in the AliNext plugin developed by ali2woo allows attackers to redirect users to untrusted external sites. This poses a significant risk, as it can be exploited for phishing attacks, potentially compromising user credentials and sensitive information. The flaw is present in versions from n/a to 3.5.1, making it critical for users to promptly update their installations to safeguard against misuse.

Affected Version(s)

AliNext 0 <= 3.5.1

References

https://patchstack.com/database/Wordpress/Plugin/ali2woo-...

vdb-entry

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

Le Ngoc Anh (Patchstack Alliance)

CVE-2025-30859 Data

JSON