Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Salesforce woo-salesforce-plugin-crm-perks allows Phishing.This issue affects Integration for WooCommerce and Salesforce: from n/a through <= 1.7.5.
Published: 2025-05-07
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an open redirection flaw that allows a malicious party to forge a URL which, when visited through the affected plugin, leads a user to a malicious or phishing site. This type of flaw can be leveraged for credential harvesting or delivering deceptive content, but it does not grant code execution or direct system compromise. The weakness is classified as CWE‑601 and reflects a lack of strict destination validation before performing a redirect.

Affected Systems

The affected product is the WordPress plugin CRM Perks: Integration for WooCommerce and Salesforce, versions from the earliest available through 1.7.5 inclusive. No other vendors or product versions were explicitly indicated.

Risk and Exploitability

The CVSS score of 4.7 identifies the exploit as low severity, and the EPSS score of less than 1% indicates a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Attack entry is inferred to occur when a user interacts with a crafted link or timer on the site that triggers the plugin’s redirect logic, without requiring authentication. Because the flaw is not complex, an attacker may simply embed the link in a phishing email or a malicious advertisement to lure unsuspecting users.

Generated by OpenCVE AI on April 30, 2026 at 20:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the plugin to any release newer than 1.7.5, or apply a patch issued by the vendor
  • If an update is unavailable, reconfigure or disable the plugin’s redirect feature to eliminate unvalidated redirects
  • Employ a web‑application firewall rule set that detects and blocks suspicious query parameters or redirect patterns
  • Monitor outbound traffic for anomalous redirects to external domains and investigate potential phishing incidents

Generated by OpenCVE AI on April 30, 2026 at 20:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-13858 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Salesforce allows Phishing. This issue affects Integration for WooCommerce and Salesforce: from n/a through 1.7.5.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Salesforce allows Phishing. This issue affects Integration for WooCommerce and Salesforce: from n/a through 1.7.5. URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Salesforce woo-salesforce-plugin-crm-perks allows Phishing.This issue affects Integration for WooCommerce and Salesforce: from n/a through <= 1.7.5.
Title WordPress Integration for WooCommerce and Salesforce <= 1.7.5 - Open Redirection Vulnerability WordPress Integration for WooCommerce and Salesforce plugin <= 1.7.5 - Open Redirection Vulnerability
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00033}

 epss

{'score': 0.00038}

Wed, 07 May 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 07 May 2025 14:30:00 +0000

Type Values Removed Values Added
Description URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Salesforce allows Phishing. This issue affects Integration for WooCommerce and Salesforce: from n/a through 1.7.5.
Title WordPress Integration for WooCommerce and Salesforce <= 1.7.5 - Open Redirection Vulnerability
Weaknesses CWE-601
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:41.191Z

Reserved: 2025-05-07T09:38:40.260Z

Link: CVE-2025-47455

cve-icon Vulnrichment

Updated: 2025-05-07T16:33:22.764Z

cve-icon NVD

Status : Deferred

Published: 2025-05-07T15:15:59.577

Modified: 2026-04-23T15:30:14.947

Link: CVE-2025-47455

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T20:45:36Z

Weaknesses