Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal & Stripe easy-paypal-donation allows Phishing. This issue affects Accept Donations with PayPal & Stripe: from n/a through <= 1.5.2.
Published: 2025-12-24
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an open redirect that allows an attacker to craft URLs which redirect users to arbitrary external sites. The flaw is a classic CWE‑601 weakness where user input is passed to a redirect function without proper validation, enabling phishing attempts.

Affected Systems

The Accept Donations with PayPal & Stripe plugin by Scott Paterson is affected in all releases up to and including 1.5.2, so any site running a version from the earliest release through 1.5.2 is vulnerable.

Risk and Exploitability

With a CVSS score of 4.7 the threat is moderate, and an EPSS score of less than 1 % suggests low current exploitation probability. The issue is not listed in CISA KEV. Attackers can exploit the flaw by sending users crafted URLs that redirect to malicious sites; the attack requires user interaction and does not grant code execution or elevated privileges.

Generated by OpenCVE AI on April 29, 2026 at 15:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the plugin to version 1.5.3 or later, which removes the redirect vulnerability.
  • If the plugin is not required, uninstall or delete it to eliminate the attack surface.
  • Configure the site or a security plugin to whitelist accepted redirect domains and block any redirects to unknown or external hosts.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}
Values Added: cvssV3_1 {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal easy-paypal-donation allows Phishing. This issue affects Accept Donations with PayPal: from n/a through <= 1.5.1.
Values Added: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal & Stripe easy-paypal-donation allows Phishing. This issue affects Accept Donations with PayPal & Stripe: from n/a through <= 1.5.2.

Type: Title
Values Removed: WordPress Accept Donations with PayPal plugin <= 1.5.1 - Open Redirection vulnerability
Values Added: WordPress Accept Donations with PayPal plugin <= 1.5.2 - Open Redirection vulnerability

Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Mon, 05 Jan 2026 12:30:00 +0000

Type: First Time appeared
Values Added: Scott Paterson; Scott Paterson accept Donations With Paypal; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Added: Scott Paterson; Scott Paterson accept Donations With Paypal; Wordpress; Wordpress wordpress

Wed, 24 Dec 2025 20:15:00 +0000

Type: Metrics
Values Added: cvssV3_1 {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 24 Dec 2025 13:15:00 +0000

Type: Description
Values Added: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal easy-paypal-donation allows Phishing. This issue affects Accept Donations with PayPal: from n/a through <= 1.5.1.

Type: Title
Values Added: WordPress Accept Donations with PayPal plugin <= 1.5.1 - Open Redirection vulnerability

Type: Weaknesses
Values Added: CWE-601

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:31.300Z

Reserved: 2025-12-19T10:20:05.496Z

Link: CVE-2025-68602

Vulnrichment

Updated: 2025-12-24T18:44:11.964Z

NVD

Status: Deferred

Published: 2025-12-24T13:16:27.770

Modified: 2026-04-27T19:16:36.030

Link: CVE-2025-68602

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T15:30:14Z

Weaknesses