WordPress Guest Posting Plugin Open Redirect Vulnerability
Vulnerability
An open redirect vulnerability has been identified in the WordPress Guest Posting/Frontend Posting/Front Editor plugin, affecting versions prior to 5.0.0. The issue arises because the plugin fails to validate the 'redirect' request parameter before redirecting users, so a crafted link can send a user to an arbitrary external site.
Impact
Exploitation of this vulnerability allows for open redirection, where a user who follows a crafted link to the site is sent to an external site of the attacker's choosing, potentially leading to phishing or other malicious activities.
Reproduction
To reproduce this vulnerability, add the '[fus_form_register]' shortcode to a post or page. Then open that page with a URL that includes a 'redirect' parameter pointing to an external site, such as 'https://evil.com'. Submit the registration form; the user is then redirected to the specified external site.
Remediation
Users are advised to update the WordPress Guest Posting/Frontend Posting/Front Editor plugin to version 5.0.0 or later.
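As an added illustration (not code from the plugin or its authors), the following shows the unsafe pattern the advisory describes beside the hardened form a WordPress developer would use: passing the request parameter straight to wp_redirect() versus validating it with wp_validate_redirect() and wp_safe_redirect(), which only accept the site's own host plus any hosts explicitly allowed through the 'allowed_redirect_hosts' filter. The function names prefixed fus_example_ and the host 'accounts.example.com' are assumptions chosen for this example.

```php
<?php
// Added example, not the plugin's own code. Function names and the extra
// allowed host are placeholders chosen for illustration.

// UNSAFE PATTERN (the class of bug described above): the 'redirect' request
// parameter is handed to wp_redirect() without validation, so a link carrying
// ?redirect=https://evil.com sends the user off-site after the form submits.
function fus_example_redirect_unsafe() {
    if ( isset( $_REQUEST['redirect'] ) ) {
        wp_redirect( wp_unslash( $_REQUEST['redirect'] ) );
        exit;
    }
}

// HARDENED PATTERN: wp_validate_redirect() rejects any target whose host is not
// the site's own host (or one added via 'allowed_redirect_hosts') and returns
// the fallback instead. wp_safe_redirect() applies the same check again, so an
// attacker-supplied external URL can never become the Location header.
function fus_example_redirect_safe() {
    $fallback = home_url( '/' ); // where to land when the target is rejected
    $target   = $fallback;

    if ( isset( $_REQUEST['redirect'] ) ) {
        $target = wp_validate_redirect( wp_unslash( $_REQUEST['redirect'] ), $fallback );
    }

    wp_safe_redirect( $target, 302 );
    exit;
}

// Optional: deliberately allow one additional trusted host. Keep this list
// explicit and short; every entry widens the set of destinations accepted above.
add_filter( 'allowed_redirect_hosts', function ( $hosts ) {
    $hosts[] = 'accounts.example.com'; // placeholder host, adjust for your site
    return $hosts;
} );
```

In practice the explicit wp_validate_redirect() call is only needed when you want a fallback other than the admin URL that wp_safe_redirect() uses by default; the important point is that the redirect target never reaches the Location header unchecked, which is exactly what the pre-5.0.0 behaviour reported here allowed.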