CVE-2026-39484

MEDIUM

WordPress Hide My WP Ghost plugin < 7.0.00 - Open Redirection vulnerability

Title source: cna

Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through < 7.0.00.

References (1)

[Vdb Entry] https://patchstack.com/database/Wordpress/Plugin/hide-my-wp/vulnerability/wordpress-hide-my-wp-ghost-plugin-7-0-00-open-redirection-vulnerability?_s_id=cve

Scores

CVSS v3 4.7

EPSS 0.0003

EPSS Percentile 8.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (1)

John Darrel/Hide My WP Ghost < 7.0.00

Published Apr 08, 2026

Tracked Since Apr 08, 2026