CVE-2026-6203: CWE-601 URL Redirection to Untrusted Site ('Open Redirect') in wpeverest User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
CVE-2026-6203 is an open redirect vulnerability in the User Registration & Membership WordPress plugin (versions up to 5. 1. 4). It arises from insufficient validation of the 'redirect_to_on_logout' GET parameter, which is passed directly to wp_redirect() without domain restriction. Although esc_url_raw() sanitizes malformed URLs, it does not prevent redirects to external domains. This can allow attackers to craft logout links that redirect users to malicious sites, potentially facilitating phishing attacks. The vulnerability has a CVSS score of 6. 1 (medium severity). No official patch or remediation guidance is currently available.
AI Analysis
Technical Summary
The User Registration & Membership plugin for WordPress versions up to and including 5.1.4 contains an open redirect vulnerability (CWE-601) due to improper validation of the 'redirect_to_on_logout' GET parameter. This parameter is passed directly to WordPress's wp_redirect() function rather than the safer wp_safe_redirect(), allowing redirection to arbitrary external URLs. Although esc_url_raw() is used to sanitize URLs, it does not restrict redirects to the local domain, enabling attackers to redirect users to potentially malicious external sites after logout. This vulnerability could be leveraged in phishing attacks. The CVSS 3.1 base score is 6.1, indicating medium severity. There is no vendor advisory or patch information available at this time.
Potential Impact
Successful exploitation allows an attacker to redirect users to arbitrary external websites after logout by manipulating the 'redirect_to_on_logout' parameter. This could facilitate phishing attacks by directing users to malicious sites that appear legitimate. The vulnerability does not directly impact confidentiality or availability but poses a risk to user trust and security through redirection to untrusted domains.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or restricting the use of the 'redirect_to_on_logout' parameter if possible or implement custom validation to restrict redirects to trusted domains. Monitor vendor channels for updates and apply patches promptly once released.
CVE-2026-6203: CWE-601 URL Redirection to Untrusted Site ('Open Redirect') in wpeverest User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
Description
CVE-2026-6203 is an open redirect vulnerability in the User Registration & Membership WordPress plugin (versions up to 5. 1. 4). It arises from insufficient validation of the 'redirect_to_on_logout' GET parameter, which is passed directly to wp_redirect() without domain restriction. Although esc_url_raw() sanitizes malformed URLs, it does not prevent redirects to external domains. This can allow attackers to craft logout links that redirect users to malicious sites, potentially facilitating phishing attacks. The vulnerability has a CVSS score of 6. 1 (medium severity). No official patch or remediation guidance is currently available.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The User Registration & Membership plugin for WordPress versions up to and including 5.1.4 contains an open redirect vulnerability (CWE-601) due to improper validation of the 'redirect_to_on_logout' GET parameter. This parameter is passed directly to WordPress's wp_redirect() function rather than the safer wp_safe_redirect(), allowing redirection to arbitrary external URLs. Although esc_url_raw() is used to sanitize URLs, it does not restrict redirects to the local domain, enabling attackers to redirect users to potentially malicious external sites after logout. This vulnerability could be leveraged in phishing attacks. The CVSS 3.1 base score is 6.1, indicating medium severity. There is no vendor advisory or patch information available at this time.
Potential Impact
Successful exploitation allows an attacker to redirect users to arbitrary external websites after logout by manipulating the 'redirect_to_on_logout' parameter. This could facilitate phishing attacks by directing users to malicious sites that appear legitimate. The vulnerability does not directly impact confidentiality or availability but poses a risk to user trust and security through redirection to untrusted domains.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or restricting the use of the 'redirect_to_on_logout' parameter if possible or implement custom validation to restrict redirects to trusted domains. Monitor vendor channels for updates and apply patches promptly once released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-04-13T09:51:20.465Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69dd725c82d89c981f75a06e
Added to database: 4/13/2026, 10:46:52 PM
Last enriched: 4/13/2026, 11:01:55 PM
Last updated: 4/14/2026, 8:11:38 AM
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.