Open Redirect Vulnerability in Galaxy Weblinks WP Clone Plugin
CVE-2025-31871

4.7 MEDIUM

Key Information:

Vendor: WordPress

CVE Published: 1 April 2025

What is CVE-2025-31871?

The Galaxy Weblinks WP Clone plugin contains an Open Redirect vulnerability that allows unauthenticated attackers to manipulate URL redirect behavior, potentially leading users to untrusted sites. This flaw makes it easy for malicious actors to conduct phishing attacks by misleading users into entering sensitive information on counterfeit websites. The issue is present in all versions of WP Clone any post type up to and including 3.4. Organizations using this plugin should take steps to mitigate this risk and ensure user safety.

Affected Version(s)

WP Clone any post type <= 3.4

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abdi Pranata (Patchstack Alliance)