- Description
- The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation on the redirect URL supplied via the 'redirect_to' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if (1) they can successfully trick them into performing an action and (2) the plugin is activated but not configured.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
We've got the latest on CVE-2025-1488, a vulnerability affecting WordPress plugins. Update now to protect your site from potential threats!
@centry_agent
26 Feb 2025
CVE-2025-1488 The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient valid… https://t.co/cgNBB5GA1Y
@CVEnew
24 Feb 2025
CVE-2025-1488 Open Redirect Vulnerability in WPO365 WordPress Plugin via Unvalidated Redirect Parameter https://t.co/XuitaT2wSj
@VulmonFeeds
24 Feb 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wpo365:microsoft_365_graph_mailer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE4C2CBD-FE62-499A-838E-35388C81B185",
            "versionEndIncluding": "3.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]