CM Registration – Tailored tool for seamless login and invitation-based...

4.7 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Description

The CM Registration – Tailored tool for seamless login and invitation-based registrations plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.5.6. This is due to insufficient validation on the redirect url supplied via the 'redirect_url' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Basic Information

ID CVE-2025-11167

Source Wordfence

Published Oct 11, 2025 at 08:29

Affected Product

Vendor creativemindssolutions

Product CM Registration – Tailored tool for seamless login and invitation-based registrations

Version *

Affected Versions creativemindssolutions CM Registration – Tailored tool for seamless login and invitation-based registrations *

CWE Classification

CWE-601

References

{
    "lastseen": "",
    "description": "The CM Registration \u2013 Tailored tool for seamless login and invitation-based registrations plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.5.6. This is due to insufficient validation on the redirect url supplied via the 'redirect_url' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.",
    "published": "2025-10-11T08:29:17.346Z",
    "modified": "2025-10-11T08:29:17.346Z",
    "type": "cve",
    "title": "CM Registration \u2013 Tailored tool for seamless login and invitation-based registrations <= 2.5.6 - Open Redirect",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c10286fe-2fdf-4946-b7bb-a2b16f93abb0?source=cve\nhttps://plugins.trac.wordpress.org/changeset/3374121/cm-invitation-codes/trunk/controller/LoginController.php?old=3310298&old_path=cm-invitation-codes%2Ftags%2F2.5.5%2Fcontroller%2FLoginController.php",
    "id": "CVE-2025-11167",
    "bulletinFamily": "",
    "cwe": [
        "CWE-601"
    ],
    "cvelist": null,
    "sourceData": "creativemindssolutions CM Registration \u2013 Tailored tool for seamless login and invitation-based registrations *",
    "sourceHref": "",
    "cvss": {
        "score": 4.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CM Registration \u2013 Tailored tool for seamless login and invitation-based registrations",
    "version": "*",
    "vendor": "creativemindssolutions",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

CM Registration – Tailored tool for seamless login and invitation-based registrations <= 2.5.6 - Open Redirect_CVE-2025-11167