Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Phishing.This issue affects WebinarPress: from n/a through <= 1.33.28.
Published: 2025-04-09
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the WPWebinarSystem WebinarPress plugin versions up to 1.33.28. It allows an attacker to craft URLs that when visited by a user are redirected to an arbitrary third‑party domain. This flaw is classified as CWE‑601 and is commonly exploited for phishing or social engineering attacks. Since the redirect occurs without validating the target domain, a malicious actor can lure legitimate site visitors to malicious websites, potentially compromising credentials or delivering malware.

Affected Systems

WordPress sites that run the WebinarPress plugin version 1.33.28 or earlier are affected. The issue is present in the lite edition of the plugin for WordPress.

Risk and Exploitability

The CVSS score of 4.7 indicates moderate overall risk, but the EPSS score of less than 1% suggests that the likelihood of exploitation in the near term is low. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to trick a user into clicking a manipulated link, but the lack of strong validation means the exploitation path is straightforward when the vector is available.

Generated by OpenCVE AI on May 1, 2026 at 00:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WebinarPress to a version newer than 1.33.28.
  • Implement an allowlist for redirect destinations or disable the redirect feature if it is not required.
  • Regularly verify that the plugin is updated and monitor for anomalous redirects or phishing activity.

Generated by OpenCVE AI on May 1, 2026 at 00:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-10566 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress allows Phishing. This issue affects WebinarPress: from n/a through 1.33.27.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress allows Phishing. This issue affects WebinarPress: from n/a through 1.33.27. URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Phishing.This issue affects WebinarPress: from n/a through <= 1.33.28.
Title WordPress WebinarPress <= 1.33.27 - Open Redirection Vulnerability WordPress WebinarPress plugin <= 1.33.28 - Open Redirection Vulnerability
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}

Wed, 28 Jan 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Webinarpress
Webinarpress webinarpress
CPEs cpe:2.3:a:webinarpress:webinarpress:*:*:*:*:lite:wordpress:*:*
Vendors & Products Webinarpress
Webinarpress webinarpress

Wed, 09 Apr 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 09 Apr 2025 16:30:00 +0000

Type Values Removed Values Added
Description URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress allows Phishing. This issue affects WebinarPress: from n/a through 1.33.27.
Title WordPress WebinarPress <= 1.33.27 - Open Redirection Vulnerability
Weaknesses CWE-601
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}

Subscriptions

Webinarpress Webinarpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:28.502Z

Reserved: 2025-04-09T11:21:30.218Z

Link: CVE-2025-32693

cve-icon Vulnrichment

Updated: 2025-04-09T17:43:22.624Z

cve-icon NVD

Status : Modified

Published: 2025-04-09T17:15:53.540

Modified: 2026-04-23T15:29:21.713

Link: CVE-2025-32693

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T00:15:04Z

Weaknesses