CVE-2026-6203
Open Redirect in WordPress User Registration Plugin Allows Phishing

Publication date: 2026-04-13

Last updated on: 2026-04-13

Assigner: Wordfence

Description
The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the `redirect_to_on_logout` GET parameter before redirecting users. The `redirect_to_on_logout` GET parameter is passed directly to WordPress's `wp_redirect()` function instead of the domain-restricted `wp_safe_redirect()`. While `esc_url_raw()` is applied to sanitize malformed URLs, it does not restrict the redirect destination to the local domain, allowing an attacker to craft a specially formed link that redirects users to potentially malicious external URLs after logout, which could be used to facilitate phishing attacks.
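The description above comes down to which core redirect API the logout handler calls. The following is an added example, not code from the User Registration & Membership plugin or from Wordfence: it shows the vulnerable pattern the advisory describes (`esc_url_raw()` followed by `wp_redirect()`) beside a hardened handler that uses `wp_validate_redirect()` and `wp_safe_redirect()`. The function names `example_logout_redirect_vulnerable` and `example_logout_redirect_hardened`, the `wp_logout` wiring and the host `accounts.example.com` are assumptions made for the example; the WordPress functions and filter used are real core APIs.

```php
<?php
/**
 * Added example (not the plugin's own code): a logout redirect handler in the
 * vulnerable form described in the advisory, beside a hardened form.
 * Function names and the wp_logout wiring are hypothetical; wp_redirect(),
 * wp_safe_redirect(), wp_validate_redirect(), esc_url_raw(), wp_unslash(),
 * home_url() and the 'allowed_redirect_hosts' filter are WordPress core APIs.
 */

// Vulnerable pattern: esc_url_raw() only normalises URL syntax and checks the
// scheme; it never looks at the host, so an absolute URL to any external site
// reaches wp_redirect() unchanged.
function example_logout_redirect_vulnerable() {
    if ( empty( $_GET['redirect_to_on_logout'] ) ) {
        return;
    }
    $target = esc_url_raw( wp_unslash( $_GET['redirect_to_on_logout'] ) );
    wp_redirect( $target ); // no host restriction: open redirect (CWE-601)
    exit;
}

// Hardened pattern: wp_validate_redirect() returns $fallback unless the
// requested location's host is the site's own host or one added through the
// 'allowed_redirect_hosts' filter. wp_safe_redirect() applies the same check
// internally (falling back to admin_url()), so calling both is belt-and-braces
// with an explicit, predictable fallback.
function example_logout_redirect_hardened() {
    $fallback = home_url( '/' );
    $target   = $fallback;

    if ( ! empty( $_GET['redirect_to_on_logout'] ) ) {
        $requested = esc_url_raw( wp_unslash( $_GET['redirect_to_on_logout'] ) );
        $target    = wp_validate_redirect( $requested, $fallback );
    }

    wp_safe_redirect( $target );
    exit;
}

// If a site legitimately needs to send users to a second first-party host
// after logout, allow-list that host explicitly instead of dropping the
// host check. 'accounts.example.com' is a constructed placeholder.
add_filter( 'allowed_redirect_hosts', function ( $hosts ) {
    $hosts[] = 'accounts.example.com';
    return $hosts;
} );

// Hypothetical wiring: run the hardened handler when a user logs out.
add_action( 'wp_logout', 'example_logout_redirect_hardened' );
```

With the hardened handler, a `redirect_to_on_logout` value pointing at a host outside the site (or the allow-list) is replaced by `home_url('/')` rather than followed, which is the behaviour the advisory's fix restores by switching to `wp_safe_redirect()`. When reviewing other plugins for the same class of bug, the thing to grep for is a `wp_redirect()` call whose argument derives from `$_GET`, `$_POST` or `$_REQUEST`.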
Meta Information
Published: 2026-04-13
Last Modified: 2026-04-13
Generated: 2026-05-07
AI Q&A generated: 2026-04-14
EPSS Evaluated: 2026-05-05
References: NVD, EUVD
Affected Vendors & Products
1 associated CPE
Vendor: wordfence
Product: user_registration_and_membership
Version / Range: up to 5.1.4 (inclusive)
CWE
CWE-601: The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
AI Powered Q&A
Can you explain this vulnerability to me?

The User Registration & Membership plugin for WordPress has an Open Redirect vulnerability in versions up to and including 5.1.4. This occurs because the plugin does not properly validate user-supplied URLs passed via the 'redirect_to_on_logout' GET parameter before redirecting users. Instead of using a domain-restricted redirect function, it uses WordPress's wp_redirect() function directly, which allows attackers to craft links that redirect users to potentially malicious external websites after logout.

Although the plugin applies esc_url_raw() to sanitize malformed URLs, this function does not restrict redirects to the local domain, enabling the open redirect issue.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows attackers to redirect users to potentially malicious external URLs after logout, which could facilitate phishing attacks.

Such phishing risks may lead to unauthorized disclosure or misuse of personal data, potentially impacting compliance with data protection regulations like GDPR and HIPAA that require safeguarding user data and preventing unauthorized access or redirection.

However, the provided information does not explicitly state the direct impact on compliance with these standards.

How can this vulnerability impact me?

This vulnerability can be exploited by attackers to redirect users to malicious external websites after they log out. Such redirects can facilitate phishing attacks by tricking users into visiting harmful sites that may steal credentials or distribute malware.
