CVE-2025-68509
Published 2025-12-24
CVE-2025-68509: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Jeff Starr User Submitted Posts user-submitted-posts allows Phishing. This issue affects…
Priority: P4 · 27 · medium · 4.7 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
EXPLOIT
EPSS: 0.47% (37.5th percentile)
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Jeff Starr User Submitted Posts user-submitted-posts allows Phishing. This issue affects User Submitted Posts: from n/a through <= 20251121.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jeff_starr | user_submitted_posts | <= 20251121 | — |
No detection rules found.
Nuclei
User Submitted Posts <= 20251121 - Unauthenticated Open Redirect
nuclei·CVSS 6.1
CVE-2025-68509 [MEDIUM] User Submitted Posts <= 20251121 - Unauthenticated Open Redirect
The User Submitted Posts plugin for WordPress is vulnerable to Open Redirect in all versions up to and including 20251121. This is due to insufficient validation on the redirect-override POST parameter. Unauthenticated attackers can redirect users to potentially malicious sites by tricking them into submitting a form.
Template:

```yaml
id: CVE-2025-68509
info:
  name: User Submitted Posts <= 20251121 - Unauthenticated Open Redirect
  author: Shivam Kamboj
  severity: medium
  description: |
    The User Submitted Posts plugin for WordPress is vulnerable to Open Redirect in all versions up to and including 20251121. This is due to insufficient validation on the redirect-override POST parameter. Unauthenticated attackers can redirect users to
```

Published: 2025-12-24