CVE-2023-3771: 
WordPress vulnerability analysis and mitigation

The T1 WordPress theme through version 19.0 contains an unauthenticated open redirect vulnerability (CVE-2023-3771). This security flaw was discovered and publicly disclosed on July 19, 2023, affecting all versions of the T1 theme up to and including version 19.0 (WPScan).

The vulnerability is classified as CWE-601 (URL Redirection to Untrusted Site) with a CVSS v3.1 base score of 6.1 (Medium). The flaw exists in the theme's redirection functionality, specifically in the page-templates/apply_redirection.php file, which allows attackers to redirect users to arbitrary websites (WPScan, NVD).

The vulnerability allows any unauthenticated attacker to redirect users to arbitrary websites, potentially leading to phishing attacks or directing users to malicious websites. This could result in compromised user credentials or exposure to malware (WPScan).

Currently, there is no known fix available for this vulnerability. Website administrators using the T1 WordPress theme should consider switching to an alternative theme or implementing additional security controls to prevent unauthorized redirects (WPScan).