Open Redirect Vulnerability in Advanced Advertising System Plugin for WordPress
CVE-2025-3433

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Advanced Advertising System
Vendor: CVE Published:; 8 April 2025

What is CVE-2025-3433?

The Advanced Advertising System plugin for WordPress contains an Open Redirect vulnerability due to inadequate validation of the 'redir' parameter's URL. This flaw allows unauthenticated attackers to redirect users to potentially harmful sites if they manage to deceive them into executing an action that triggers the redirect. As a result, site visitors face risks of phishing attacks and malicious content exposure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Advanced Advertising System * <= 1.3.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/advanced-adver...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Apr 7, 2025

Credit

Gabriele Zuddas

JSON

WordPress