Open Redirect Vulnerability in User Submitted Posts by Jeff Starr
CVE-2025-68509

4.7MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
24 December 2025

What is CVE-2025-68509?

The User Submitted Posts plugin by Jeff Starr suffers from an Open Redirect vulnerability, allowing attackers to manipulate URLs. This could lead unsuspecting users to untrusted or potentially malicious websites, heightening the risk of phishing attacks. Ensuring the security of this plugin is essential to protect both site administrators and users from possible exploitation.

Affected Version(s)

User Submitted Posts 0 <= 20251121

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

benzdeus | Patchstack Bug Bounty Program
.