CVE-2025-30795: URL Redirection to Untrusted Site ('Open Redirect') in Aman FunnelKit Automations
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Aman FunnelKit Automations wp-marketing-automations allows Phishing. This issue affects FunnelKit Automations: from n/a through <= 3.5.1.
AI Analysis
Technical Summary
CVE-2025-30795 affects the Aman FunnelKit Automations WordPress plugin (wp-marketing-automations) in versions up to and including 3.5.1. It is classified as an Open Redirect: the plugin does not adequately validate or sanitize the URLs it uses as redirection targets, so a crafted link to the site can send the visitor on to an external destination of the link author's choosing. Such links are attractive for phishing campaigns because the visible URL belongs to a trusted domain while the final destination is an attacker-controlled site built to harvest credentials, deliver malware, or perform other malicious actions. No authentication or special privileges on the target system are required, so any remote actor can construct such a link; exploitation does, however, depend on social engineering to persuade a user to click it. No public exploits have been reported yet, but open redirects are a well-established vector for phishing and social engineering. The plugin is widely used for WordPress marketing automation, which may increase the exposure of organizations relying on it for customer engagement and marketing workflows. The absence of a CVSS score indicates that the vulnerability is newly published and detailed impact metrics are not yet available.
Potential Impact
The primary impact is the facilitation of phishing through a trusted domain, which can lead to credential compromise, unauthorized access, and downstream malware infections. Organizations using FunnelKit Automations risk reputational damage if their domains are used to redirect users to malicious sites, eroding customer trust and potentially causing financial losses. Attackers could also use the redirect to bypass email or web filters that rely on domain reputation, increasing the success rate of phishing campaigns. Because the vulnerability requires no authentication, any remote attacker can exploit it, which broadens the attack surface. The impact is most significant for organizations with large user bases or those handling sensitive customer data, where successful phishing can lead to data breaches and compliance violations.
Mitigation Recommendations
Organizations should monitor for updates from Aman and apply patches to FunnelKit Automations promptly once available. In the interim, administrators can add web application firewall (WAF) rules that detect and block requests whose redirect parameters point off-site. Reviewing and restricting the URL redirection parameters in the plugin configuration, or disabling redirection features that are not needed, reduces exposure. User education remains important: training users to recognize phishing attempts and to verify URLs before clicking lowers the chance of successful exploitation. Email filtering that detects and quarantines phishing messages built on open-redirect URLs adds a further layer. Monitoring logs for unusual redirect activity and enforcing multi-factor authentication (MFA) limit the damage from any credentials that are phished despite these measures.
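The recommendation to restrict where redirection parameters may point comes down to one check: a redirect target is accepted only if it is a same-site relative path or names an explicitly allowed host, and everything else falls back to a safe default. The Python below is an added example of that check; it is not FunnelKit's code or WordPress core code, and the hosts in ALLOWED_HOSTS and the sample values are constructed for the example. It also returns a reason code for every rejection, which is the kind of signal the log monitoring and WAF tuning above would consume. In a WordPress plugin the native equivalent is to route redirect targets through wp_safe_redirect() / wp_validate_redirect(), which apply an allowed-hosts check of this shape.

```python
"""Allowlist-based validation of redirect targets.

Added example for this advisory; it is not the plugin's code. A redirect
parameter is accepted only as a same-site relative path or as an absolute
http(s) URL on an allowed host. Anything else yields a safe default plus a
reason code suitable for logging or WAF tuning.
"""
from urllib.parse import urlsplit, urlunsplit

# Constructed allowlist for the example; a real deployment would load the
# site's own host (and any approved partners) from configuration.
ALLOWED_HOSTS = frozenset({"www.example.com", "shop.example.com"})
DEFAULT_TARGET = "/"


def check_redirect(candidate, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Decide whether `candidate` is an acceptable redirect target.

    Returns (allowed, target, reason). `target` is the canonical URL to
    redirect to, and is `default` whenever `allowed` is False.
    """
    if not isinstance(candidate, str) or candidate == "":
        return False, default, "empty"
    # Control characters (CR, LF, TAB, NUL, DEL) are stripped or mangled by
    # browsers, so a value containing them cannot be reasoned about safely.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return False, default, "control-char"
    # Browsers treat a backslash like a forward slash in URLs, so normalise
    # before parsing; otherwise "/\host" would look like a harmless path.
    normalised = candidate.replace("\\", "/")
    try:
        parts = urlsplit(normalised)
        port = parts.port  # raises ValueError for a malformed port
    except ValueError:
        return False, default, "unparseable"

    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: require exactly one leading slash. A value
        # starting with "//" is protocol-relative; urlsplit normally reports
        # it as a netloc (rejected by the scheme check below), but degenerate
        # forms such as "//" or "///path" come back with an empty netloc, so
        # guard here as well.
        if not normalised.startswith("/") or normalised.startswith("//"):
            return False, default, "not-absolute-path"
        target = urlunsplit(("", "", parts.path, parts.query, parts.fragment))
        return True, target, "relative"

    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return False, default, "scheme"
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        return False, default, "host-not-allowed"
    # Rebuild the netloc from host and port only, dropping any userinfo
    # ("user@host") so the emitted URL is canonical.
    netloc = host if port is None else f"{host}:{port}"
    target = urlunsplit((scheme, netloc, parts.path or "/", parts.query, parts.fragment))
    return True, target, "allowlisted-host"


def safe_redirect_target(candidate, **kwargs):
    """Convenience wrapper: the URL to redirect to, never an untrusted one."""
    return check_redirect(candidate, **kwargs)[1]


if __name__ == "__main__":
    # Constructed sample values a redirect parameter might carry.
    for value in ["/account?tab=orders", "https://shop.example.com/cart",
                  "//untrusted.example/", "https://www.example.com.untrusted.example/"]:
        allowed, target, reason = check_redirect(value)
        print(f"{'ALLOW' if allowed else 'BLOCK':5} {reason:18} {value!r} -> {target!r}")
```

The allowlist is deliberately an exact host match rather than a suffix match, so `www.example.com.untrusted.example` does not pass, and the returned target is rebuilt from the parsed components so that the URL actually emitted is the one that was checked.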
Affected Countries
United States, United Kingdom, Germany, Canada, Australia, India, France, Netherlands, Brazil, Japan
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2025-03-26T09:20:18.314Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 69cd7318e6bfc5ba1def075e
Added to database: 4/1/2026, 7:33:44 PM
Last enriched: 4/2/2026, 12:17:32 AM
Last updated: 4/4/2026, 3:01:27 AM