CVE-2024-13888

HIGH NUCLEI

Amauri Wpmobile.app < 11.57 - Open Redirect

Title source: rule

Description

The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on the redirect URL supplied via the 'redirect' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Nuclei Templates (1)

WPMobile.App <= 11.56 - Open Redirect

HIGHVERIFIEDby s4e-io

FOFA: body="/wp-content/plugins/wpappninja"

References (3)

[Patch] https://plugins.trac.wordpress.org/changeset/3243366

[Product, Release Notes] https://wordpress.org/plugins/wpappninja/#developers

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/a139f0fc-f3e0-4759-aa8d-ba138e5ccc87?source=cve

Scores

CVSS v3 7.2

EPSS 0.0194

EPSS Percentile 83.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (2)

amauri/wpmobile.app < 11.57

amauric/WPMobile.App < 11.56

Published Feb 20, 2025

Tracked Since Feb 18, 2026