CVE-2025-11167
BaseFortify

Publication date: 2025-10-11

Last updated on: 2025-10-14

Assigner: Wordfence

Description
The CM Registration – Tailored tool for seamless login and invitation-based registrations plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.5.6. This is due to insufficient validation on the redirect url supplied via the 'redirect_url' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
Meta Information
Published: 2025-10-11
Last Modified: 2025-10-14
Generated: 2026-05-06
AI Q&A: 2025-10-11
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor      Product               Version / Range
wordpress   cm_invitation_codes   *
CWE
CWE-601: The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an Open Redirect issue in the CM Registration – Tailored tool for seamless login and invitation-based registrations WordPress plugin (up to version 2.5.6). It occurs because the plugin does not properly validate the 'redirect_url' parameter, allowing unauthenticated attackers to supply a malicious URL. If a user is tricked into performing an action, they can be redirected to potentially harmful external sites. [1]


How can this vulnerability impact me?

The vulnerability can impact you by enabling attackers to redirect your users to malicious websites without their consent. This can lead to phishing attacks, malware infections, or other security risks as users may trust the original site and unknowingly interact with harmful content. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring HTTP requests to the affected WordPress plugin's login endpoint for the presence of the 'redirect_url' or 'cmreg_redirect_url' parameter containing external URLs. A simple detection method is to look for requests where the redirect URL points to domains outside your trusted sites, indicating potential exploitation attempts. For example, using command-line tools like curl or grep on server logs:

1) To search access logs for suspicious redirect URLs:
   grep -i 'redirect_url=' /path/to/access.log | grep -v 'yourdomain.com'

2) To simulate a request and observe redirection behavior:
   curl -v -X POST -d 'cmreg_redirect_url=http://malicious.example.com' https://yourwordpresssite.com/login

3) Using network monitoring tools or IDS rules to flag HTTP requests with suspicious redirect parameters can also help detect exploitation attempts. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating the CM Registration – Tailored tool for seamless login and invitation-based registrations plugin to a version later than 2.5.6 where the vulnerability is fixed. The fix involves removing the acceptance of external redirect URLs and restricting redirection to predefined, trusted URLs configured in the plugin settings. If an update is not immediately possible, as a temporary measure, you can block or filter HTTP requests containing the 'redirect_url' or 'cmreg_redirect_url' parameters with external URLs at the web application firewall or server level to prevent exploitation. [1]
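The detection and mitigation answers above both come down to one decision: is the value carried in 'redirect_url' or 'cmreg_redirect_url' a same-site target or an off-site one? The Python below is an added example, not code from BaseFortify, Wordfence or the CM Registration plugin. It makes that decision with an exact-match host allowlist (so, unlike a bare `grep -v 'yourdomain.com'`, it is not satisfied by an off-site URL that merely contains your domain name), runs it over access-log lines for the detection side, and applies it as a fail-closed fallback for the redirect itself on the mitigation side, which is the "predefined, trusted URLs" behaviour the fix is described as having. TRUSTED_HOSTS, FALLBACK_TARGET, the sample log lines and the host malicious.example.com are assumptions constructed for this example.

```python
"""Classify redirect targets for CWE-601 detection and mitigation.

Added example; not the plugin's code. TRUSTED_HOSTS, FALLBACK_TARGET and the
sample log are assumed values constructed for illustration.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts the site may redirect to. Exact match only; no suffix logic,
# so "yourwordpresssite.com.malicious.example.com" is never accepted.
TRUSTED_HOSTS = {"yourwordpresssite.com", "www.yourwordpresssite.com"}
# Both parameter names mentioned in the advisory Q&A above.
REDIRECT_PARAMS = ("redirect_url", "cmreg_redirect_url")
# Assumed landing page used when the supplied target is not trusted.
FALLBACK_TARGET = "https://yourwordpresssite.com/"


def is_trusted(target: str) -> bool:
    """Accept only same-site redirect targets; anything doubtful is rejected.

    Trusted: a path beginning with a single '/', or an http(s) URL whose host is
    exactly in TRUSTED_HOSTS and carries no userinfo. Rejected: scheme-relative
    '//host', backslash variants, non-http schemes and look-alike hosts.
    """
    t = target.strip().replace("\\", "/")  # browsers treat '\' as '/' in http URLs
    if t.startswith("/") and not t.startswith("//"):
        return True  # site-relative path
    try:
        parts = urlsplit(t)
    except ValueError:  # malformed netloc such as an unclosed IPv6 bracket
        return False
    if parts.scheme not in ("http", "https"):
        return False  # '', 'javascript', 'data', ...
    if parts.username is not None or parts.password is not None:
        return False  # 'https://user@host' style userinfo confusion
    return parts.hostname in TRUSTED_HOSTS  # hostname is lower-cased, port removed


def redirect_targets(query: str) -> list[str]:
    """All redirect values in a query string, percent-decoded once by parse_qs."""
    qs = parse_qs(query, keep_blank_values=True)
    return [v for name in REDIRECT_PARAMS for v in qs.get(name, [])]


def safe_redirect_target(query: str) -> str:
    """Mitigation side: the redirect a login handler should actually issue."""
    for target in redirect_targets(query):
        if is_trusted(target):
            return target
    return FALLBACK_TARGET  # fail closed: never follow an off-site value


# Combined-log request line: client IP first, then "METHOD /path?query HTTP/x.y".
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_redirects(log_text: str) -> list[tuple[str, str]]:
    """Detection side: (client_ip, redirect value) for each off-site target.

    Only query-string use is visible in an access log; POST bodies are not logged.
    """
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for target in redirect_targets(query):
            if not is_trusted(target):
                hits.append((m.group("ip"), target))
    return hits


# Constructed sample log lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Oct/2025:10:00:01 +0000] "GET /login?redirect_url=%2Fwp-admin%2F HTTP/1.1" 302 0
198.51.100.7 - - [11/Oct/2025:10:00:02 +0000] "GET /login?cmreg_redirect_url=https%3A%2F%2Fmalicious.example.com%2Fphish HTTP/1.1" 302 0
203.0.113.9 - - [11/Oct/2025:10:00:03 +0000] "GET /login?redirect_url=%2F%2Fmalicious.example.com%2F HTTP/1.1" 302 0
203.0.113.10 - - [11/Oct/2025:10:00:04 +0000] "GET /login?redirect_url=https%3A%2F%2Fwww.yourwordpresssite.com%2Faccount HTTP/1.1" 302 0
203.0.113.11 - - [11/Oct/2025:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 1234
"""

if __name__ == "__main__":
    for ip, target in suspicious_redirects(SAMPLE_LOG):
        print(f"off-site redirect requested by {ip}: {target}")
    print("handler would redirect to:",
          safe_redirect_target("cmreg_redirect_url=https%3A%2F%2Fmalicious.example.com%2F"))
```

The scheme-relative and backslash cases are the ones a substring filter on your own domain name misses; the function fails closed on every shape it does not positively recognise, which is the right default for a redirect parameter reachable by unauthenticated users.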

