Primary

Context

Automattic Newspack Newsletters Open Redirect Vulnerability

Vulnerability

A URL redirection vulnerability allowing untrusted site redirection (open redirect) has been identified in the Automattic Newspack Newsletters plugin, affecting versions through 3.13.0. This vulnerability could be exploited for phishing attacks by redirecting users to malicious sites.

Impact

Exploitation of this vulnerability could lead to phishing incidents, as users could be redirected from a legitimate site to a malicious one.

Remediation

Users of the Newspack Newsletters plugin should update to version 3.14.0 or later to address this vulnerability.

Added: Jun 6, 2025, 1:35 PM

Updated: Jun 6, 2025, 3:50 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.2

exploitability

6.4

remediation

7.7

relevance

0.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.2

exploitability

6.4

remediation

7.7

relevance

0.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Automattic Newspack Newsletters Open Redirect Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating