CVE-2025-30954
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-30954 is an Open Redirection vulnerability in the WordPress WP Gravity Forms Constant Contact Plugin (up to version 1.1.0). The plugin does not properly validate redirect URLs, allowing attackers to redirect users from a legitimate site to a malicious one. This can be exploited to facilitate phishing attacks by tricking users into visiting harmful websites after initially accessing a trusted site. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by enabling attackers to redirect your users to malicious websites, which can lead to phishing attacks. Users may be deceived into providing sensitive information or downloading malware, potentially compromising their security. Although the vulnerability has a low severity score (4.7) and requires no authentication to exploit, it still poses a risk of phishing and related social engineering attacks. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves open redirection due to improper validation of redirect URLs in the WP Gravity Forms Constant Contact Plugin. Detection can involve monitoring HTTP requests for suspicious redirect parameters pointing to untrusted domains. Network monitoring tools or web application firewalls (WAF) can be configured to log or block such redirects. Specific commands are not provided in the resources, but inspecting web server logs for redirect URL parameters or using tools like curl to test redirect behavior may help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) provided by Patchstack, which auto-mitigates the vulnerability without requiring an official patch. Users should also be cautious of phishing risks, monitor for suspicious redirects, and consider professional incident response and server-side malware scanning if compromise is suspected. Avoid relying solely on plugin-based malware scanners as they can be tampered with by attackers. [1]