Description
The Solutions Ad Manager plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.0.0. This is due to insufficient validation on the redirect URL supplied via the 'sam-redirect-to' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
Published: 2025-12-13
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Open Redirect
Action: Patch
AI Analysis

Impact

The Solutions Ad Manager plugin contains an open redirect flaw caused by insufficient validation of the 'sam-redirect-to' parameter, allowing attackers to craft URLs that redirect unsuspecting users to malicious sites. No authentication is required to trigger the redirect, which facilitates phishing or drive-by download campaigns. The weakness is identified as CWE-601.

Affected Systems

WordPress sites running the Solutions Ad Manager plugin version 1.0.0 or earlier are vulnerable. The product is developed by solutionsbysteve and is known as Solutions Ad Manager.

Risk and Exploitability

The CVSS base score is 4.7, indicating moderate severity. The EPSS score is below 1%, suggesting a low current exploitation probability, and the CVE is not listed in the CISA KEV catalog. Attackers can exploit the flaw via a browser by delivering a crafted link that includes the unvalidated 'sam-redirect-to' parameter. The impact is limited to redirecting traffic, but it can be used as a foothold for further malicious activity such as phishing or malware delivery.

Generated by OpenCVE AI on April 21, 2026 at 17:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Solutions Ad Manager plugin to a version newer than 1.0.0, or uninstall the plugin if it is not needed.
  • If an upgrade is unavailable, block or sanitize the 'sam-redirect-to' query parameter using WordPress URL rewriting or a security plugin to prevent unintended redirects.
  • Maintain general WordPress hardening practices, such as limiting user roles, keeping core and other plugins updated, and monitoring for suspicious external links.
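
A log check for the parameter named in this record, as an added example (not part of the OpenCVE record or of the plugin's code): it scans combined-format access log lines for 'sam-redirect-to' values that would send a visitor off-site. The hostname blog.example, the request path and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

PARAM = "sam-redirect-to"            # parameter named in the advisory
ALLOWED_HOSTS = {"blog.example"}     # assumption: the site's own hostname(s)

# Client address and request target from a combined-format access log line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines, not taken from a real server
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "GET /?sam-redirect-to=https%3A%2F%2Fphish.example%2Flogin HTTP/1.1" 302 0',
    '203.0.113.8 - - [01/Jan/2026:10:00:05 +0000] "GET /?sam-redirect-to=%2F%2Fother.example%2Fa HTTP/1.1" 302 0',
    '198.51.100.4 - - [01/Jan/2026:10:01:00 +0000] "GET /?sam-redirect-to=%2Fpricing%2F HTTP/1.1" 302 0',
    '198.51.100.5 - - [01/Jan/2026:10:02:00 +0000] "GET /?sam-redirect-to=https%3A%2F%2Fblog.example%2Fads HTTP/1.1" 302 0',
    '198.51.100.6 - - [01/Jan/2026:10:03:00 +0000] "GET /about/ HTTP/1.1" 200 5120',
]

def is_offsite(target: str) -> bool:
    """True when a redirect target would leave ALLOWED_HOSTS."""
    # Browsers ignore whitespace/control characters and read "\" as "/"
    cleaned = re.sub(r"[\x00-\x20]", "", target).replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
        host = parts.hostname
    except ValueError:
        return True                  # unparseable target: treat as suspicious
    if parts.scheme:
        if parts.scheme.lower() not in ("http", "https"):
            return True              # javascript:, data: and similar
        return host is None or host.lower() not in ALLOWED_HOSTS
    return host is not None and host.lower() not in ALLOWED_HOSTS

def scan(lines):
    """Return (client, decoded target) for each off-site redirect request."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, request_target = m.groups()
        query = urlsplit(request_target).query
        for value in parse_qs(query, keep_blank_values=True).get(PARAM, []):
            if is_offsite(value):
                findings.append((client, value))
    return findings

if __name__ == "__main__":
    for client, target in scan(SAMPLE_LOG):
        print(f"{client} -> {target}")
```

The same `is_offsite` decision can back an allowlist rule in front of the site; only hosts listed in `ALLOWED_HOSTS` and plain relative paths pass.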


Advisories

No advisories yet.

History

Mon, 15 Dec 2025 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 14 Dec 2025 21:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wordpress; Wordpress wordpress
Vendors & Products | | Wordpress; Wordpress wordpress

Sat, 13 Dec 2025 04:45:00 +0000

Type | Values Removed | Values Added
Description | | The Solutions Ad Manager plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.0.0. This is due to insufficient validation on the redirect URL supplied via the 'sam-redirect-to' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
Title | | Solutions Ad Manager <= 1.0.0 - Unauthenticated Open Redirect via 'sam-redirect-to' Parameter
Weaknesses | | CWE-601
References | |
Metrics | | cvssV3_1 {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:58:38.472Z

Reserved: 2025-12-10T14:27:37.343Z

Link: CVE-2025-14451

Vulnrichment

Updated: 2025-12-15T15:43:28.295Z

NVD

Status: Deferred

Published: 2025-12-13T16:16:50.013

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-14451

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T17:15:25Z
