Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in LOGON KB Support kb-support.This issue affects KB Support: from n/a through <= 1.6.7.
Published: 2025-01-27
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

LOGON KB Support WordPress plugin versions 1.6.7 and lower contain an open redirect vulnerability. An attacker can manipulate the plugin’s redirect parameter to send users to arbitrary, untrusted URLs. The weakness is identified as CWE‑601, a classic URL redirection flaw.

Affected Systems

The vulnerability affects the WordPress KB Support plugin distributed by LOGON. Any installation running version 1.6.7 or earlier is potentially exploitable; newer releases are not mentioned as affected. No specific CPE listing details beyond the plugin are provided. Operators should verify that the plugin version is greater than 1.6.7 to confirm non‑vulnerability.

Risk and Exploitability

This open‑redirect flaw permits a user to be redirected to an arbitrary untrusted site by manipulating the plugin’s redirect parameter. The CVSS score of 4.7 indicates moderate severity, primarily impacting end‑user experience. EPSS below 1% suggests low exploitation likelihood based on current threat intelligence. The vulnerability is not listed in CISA KEV. Attack vectors are limited to crafting a URL with the vulnerable redirect parameter; no additional privilege escalation or code execution is described.

Generated by OpenCVE AI on May 2, 2026 at 09:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the KB Support plugin to the latest release, which includes the fix for the open redirect issue.
  • If an upgrade is not immediately possible, enforce a whitelist or validation on the redirect URL parameter to limit destinations to known, trusted domains.
  • Consider disabling or removing the redirect functionality altogether if it is not required for site operations.

Generated by OpenCVE AI on May 2, 2026 at 09:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-3931 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

 cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7. URL Redirection to Untrusted Site ('Open Redirect') vulnerability in LOGON KB Support kb-support.This issue affects KB Support: from n/a through <= 1.6.7.
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}

 cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Wed, 12 Feb 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 10 Feb 2025 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Logon
Logon kb Support
CPEs cpe:2.3:a:logon:kb_support:*:*:*:*:*:wordpress:*:*
Vendors & Products Logon
Logon kb Support

Mon, 27 Jan 2025 14:30:00 +0000

Type Values Removed Values Added
Description URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7.
Title WordPress KB Support plugin <= 1.6.7 - Open Redirection vulnerability
Weaknesses CWE-601
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}

Subscriptions

Logon Kb Support
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:33.706Z

Reserved: 2025-01-23T14:52:51.692Z

Link: CVE-2025-24741

cve-icon Vulnrichment

Updated: 2025-02-12T20:37:16.461Z

cve-icon NVD

Status : Modified

Published: 2025-01-27T15:15:16.680

Modified: 2026-06-17T08:59:31.900

Link: CVE-2025-24741

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T09:30:20Z

Weaknesses
  • CWE-601

    URL Redirection to Untrusted Site ('Open Redirect')