Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through < 7.0.00.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Open redirection enabling phishing attacks
Action: Immediate Patch
AI Analysis

Impact

The Hide My WP Ghost plugin contains an open redirection vulnerability that permits attackers to craft URLs which redirect users to malicious sites, facilitating phishing campaigns. The flaw exists whenever a redirect parameter without proper validation is processed, allowing the attacker to influence the destination URL. Successful exploitation can compromise user trust and lead to credential theft or malware installation.

Affected Systems

The issue affects any site running the Hide My WP Ghost plugin version earlier than 7.0.00, developed by John Darrel. Sites that have not applied the 7.0.00 release are susceptible.

Risk and Exploitability

No EPSS score or KEV listing is provided, suggesting the risk level is moderate until exploited. Attackers can trigger the redirect through crafted URLs or links embedded in emails and websites. Exploitation requires the user to click a link that points to the vulnerable site, after which the plugin redirects them to the attacker’s chosen URL.

Generated by OpenCVE AI on April 8, 2026 at 09:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify that the Hide My WP Ghost plugin is updated to version 7.0.00 or later
  • If it is not, upgrade the plugin immediately to the latest release

Generated by OpenCVE AI on April 8, 2026 at 09:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared John Darrel
John Darrel hide My Wp Ghost
Wordpress
Wordpress wordpress
Vendors & Products John Darrel
John Darrel hide My Wp Ghost
Wordpress
Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
Description URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through < 7.0.00.
Title WordPress Hide My WP Ghost plugin < 7.0.00 - Open Redirection vulnerability
Weaknesses CWE-601
References

Subscriptions

John Darrel Hide My Wp Ghost
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T08:30:10.796Z

Reserved: 2026-04-07T10:47:37.759Z

Link: CVE-2026-39484

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T09:16:23.110

Modified: 2026-04-08T21:26:35.910

Link: CVE-2026-39484

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:43:14Z

Weaknesses