Impact
The Fast eBay Listings plugin contains a flaw that allows an attacker, authenticated or not, to direct users to an external, untrusted URL. This open redirect vulnerability, classified as CWE-601, lets attackers redirect site visitors to malicious domains such as phishing pages, where credentials may be compromised or malware installed. The impact is limited to the integrity of user navigation and the confidentiality of information that users may supply after being led to a malicious site.
Affected Systems
The vulnerability affects the Fast eBay Listings WordPress plugin by Arthur Yarwood. All releases up to and including version 2.12.15 are impacted. No other product or version information is listed.
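To check an installation against this range, the following added example (not code from the plugin or from the advisory) reads a WordPress plugin header and classifies its version against 2.12.15. It assumes the header's "Plugin Name" field matches the product name given here; the sample header and the later version number 2.13 are constructed for illustration.

```python
import re

# From the advisory: all releases up to and including 2.12.15 are affected.
LAST_AFFECTED = (2, 12, 15)
# Assumption: the plugin's "Plugin Name" header equals the advisory's product name.
PLUGIN_NAME = "Fast eBay Listings"

# WordPress-style header line, e.g. " * Version: 2.12.15"
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version)[ \t]*:(.*)$", re.I | re.M)

def parse_header(text):
    """Extract 'plugin name' and 'version' from a plugin file's header comment."""
    fields = {}
    for key, value in HEADER_RE.findall(text[:8192]):  # WordPress reads only the first 8 KB
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(version):
    """'2.12.15' -> (2, 12, 15); '2.13' -> (2, 13, 0); None if not numeric."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        return None
    parts = tuple(int(p) for p in m.group().split("."))
    return parts + (0,) * (3 - len(parts))

def classify(text):
    """Return 'not-plugin', 'affected', 'not-affected' or 'unknown-version'."""
    fields = parse_header(text)
    if fields.get("plugin name", "").lower() != PLUGIN_NAME.lower():
        return "not-plugin"
    version = version_tuple(fields.get("version", ""))
    if version is None:
        return "unknown-version"  # no usable Version header: needs manual review
    # Compare numerically: as strings, "2.9.0" would sort after "2.12.15".
    return "affected" if version <= LAST_AFFECTED else "not-affected"

# Constructed sample header, not copied from the real plugin.
SAMPLE = """<?php
/*
 * Plugin Name: Fast eBay Listings
 * Version: 2.12.15
 */
"""

if __name__ == "__main__":
    print(classify(SAMPLE))                              # boundary version
    print(classify(SAMPLE.replace("2.12.15", "2.9.0")))  # older release
    print(classify(SAMPLE.replace("2.12.15", "2.13")))   # hypothetical later version
```

A result of "unknown-version" means the file names the plugin but carries no parseable version, so it should be reviewed by hand rather than assumed safe.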
Risk and Exploitability
The CVSS score of 4.7 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation. The issue is not currently listed in the CISA KEV catalog, consistent with its low exploit likelihood. Exploitation would typically involve a user clicking a manipulated link within the affected plugin, which then redirects the user to an attacker‑controlled domain. An attacker could then attempt credential harvesting or deliver malware. Because the attack vector is via normal site usage and no privileged access is required, the risk is primarily to end users rather than the server itself.