Open Redirect Vulnerability in Advanced Advertising System Plugin for WordPress
CVE-2025-3433

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Advanced Advertising System
Vendor: CVE Published:; 8 April 2025

What is CVE-2025-3433?

The Advanced Advertising System plugin for WordPress contains an Open Redirect vulnerability due to inadequate validation of the 'redir' parameter's URL. This flaw allows unauthenticated attackers to redirect users to potentially harmful sites if they manage to deceive them into executing an action that triggers the redirect. As a result, site visitors face risks of phishing attacks and malicious content exposure.

Affected Version(s)

Advanced Advertising System * <= 1.3.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/advanced-adver...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Apr 7, 2025

Credit

Gabriele Zuddas