What the vulnerability does
01Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Automattic Newspack Newsletters newspack-newsletters allows Phishing.This issue affects Newspack Newsletters: from n/a through <= 3.13.0.
CVE-2025-49325
MEDIUM
CVE-2025-49325: WordPress Newspack Newsletters plugin <= 3.13.0 - Open Redirection Vulnerability
CVSS base score
4.7/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Key dates
02Disclosure timeline
June 6, 2025
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-52552 FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS
CVE-2024-55892 Potential Open Redirect via Parsing Differences in TYPO3
CVE-2021-35966 Learningdigital.com, Inc. Orca HCM - URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-2709 busy Callback app.js redirect
CVE-2024-4604 Open Redirect in Magarsus Consultancy's SSO
