Vulnerabilities ›

CVE-2026-6203

Medium

CWE-601 — Weakness Type

                    Published: Apr 13, 2026                      ·  Modified: Apr 16, 2026                      ·  Source: NVD                

CVSS v3

6.1

🔗 NVD Official

📄 Description (English)

The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirect_to_on_logout' GET parameter before redirecting users. The `redirect_to_on_logout` GET parameter is passed directly to WordPress's `wp_redirect()` function instead of the domain-restricted `wp_safe_redirect()`. While `esc_url_raw()` is applied to sanitize malformed URLs, it does not restrict the redirect destination to the local domain, allowing an attacker to craft a specially formed link that redirects users to potentially malicious external URLs after logout, which could be used to facilitate phishing attacks.

🤖 AI Executive Summary

The User Registration & Membership WordPress plugin versions up to 5.1.4 contain an open redirect vulnerability in the logout redirect parameter that allows attackers to redirect users to malicious external sites. This vulnerability could be exploited for phishing attacks by crafting specially formed links that bypass URL validation.

📄 Description (Arabic)

تحتوي إضافة User Registration & Membership لـ WordPress على ثغرة إعادة توجيه مفتوحة في معامل redirect_to_on_logout الذي يسمح للمهاجمين بتحويل المستخدمين إلى مواقع خارجية ضارة. يمكن استغلال هذه الثغرة لشن هجمات التصيد الاحتيالي من خلال روابط مصممة خصيصاً تتجاوز التحقق من صحة عناوين URL.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 23, 2026 12:17

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom government healthcare

🎯 MITRE ATT&CK Techniques

T1598.003 T1566.002

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Update the User Registration & Membership plugin to version 5.1.5 or later immediately. Replace all instances of wp_redirect() with wp_safe_redirect() for the redirect_to_on_logout parameter to enforce domain-restricted redirects. Implement additional server-side validation to whitelist allowed redirect destinations.

🔧 خطوات المعالجة (العربية)

قم بتحديث إضافة تسجيل المستخدمين والعضويات إلى الإصدار 5.1.5 أو أحدث فوراً. استبدل جميع استدعاءات wp_redirect() بـ wp_safe_redirect() لمعامل redirect_to_on_logout لفرض إعادة توجيه مقيدة بالنطاق. طبق التحقق الإضافي من جانب الخادم لإدراج وجهات إعادة التوجيه المسموحة في قائمة بيضاء.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.13.1.1 A.14.2.1

🔵 SAMA CSF

ID.AM-2 PR.DS-6

🟡 ISO 27001:2022

A.6.1.2 A.13.1.3

🔗 References & Sources 3

🔗

https://plugins.trac.wordpress.org/browser/user-registration/tags/5.1.4/includes/functi...

security@wordfence.com

🔗

https://plugins.trac.wordpress.org/browser/user-registration/trunk/includes/functions-u...

security@wordfence.com

🔗

https://www.wordfence.com/threat-intel/vulnerabilities/id/020bed37-9544-49b7-941d-3b7f5...

security@wordfence.com

📊 CVSS Score

6.1

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeC — Changed

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score6.1

CWECWE-601

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-04-13

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-601

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-6203

Introduce Yourself

Sign In Required