Open Redirect Vulnerability in Hide My WP Ghost by John Darrel
CVE-2026-39484

4.7MEDIUM

Key Information:

Vendor: WordPress
Status: Hide My WP Ghost
Vendor: CVE Published:; 8 April 2026

What is CVE-2026-39484?

The Open Redirect vulnerability in the Hide My WP Ghost plugin allows attackers to redirect users to untrusted sites, exposing them to phishing risks. This flaw affects versions of the plugin prior to 7.0.00, enabling the potential for malicious redirection when a user interacts with compromised links. Ensuring that your site uses a patched version is crucial to maintaining security and protecting user data from potential exploits.

Affected Version(s)

Hide My WP Ghost 0 <= 7.0.00

References

https://patchstack.com/database/Wordpress/Plugin/hide-my-...

vdb-entry

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

Or Benit | Patchstack Bug Bounty Program

CVE-2026-39484 Data

JSON