CVE-2023-51675: 
WordPress vulnerability analysis and mitigation

The CVE-2023-51675 is an Open Redirect vulnerability affecting the AAM Advanced Access Manager WordPress plugin versions through 6.9.18. The vulnerability was discovered and disclosed on December 27, 2023, and affects the plugin's handling of redirect URL parameters (Patchstack, WPScan).

The vulnerability stems from insufficient validation of the redirect URL supplied via the params->redirect parameter. It has been assigned a CVSS v3.1 base score of 5.4 (Medium) by NVD and 4.7 (Medium) by Patchstack. The vulnerability is classified as CWE-601 (URL Redirection to Untrusted Site) (NVD, Patchstack).

The vulnerability allows authenticated attackers with author-level privileges or higher to redirect users to potentially malicious sites if they can successfully trick them into performing specific actions, such as logging in. This could lead to phishing incidents where users are redirected from legitimate sites to malicious ones (WPScan, Patchstack).

The vulnerability has been fixed in version 6.9.19 of the Advanced Access Manager plugin. Users are advised to update to this version or later to remove the vulnerability (Patchstack).