CVE-2024-37234: 
WordPress vulnerability analysis and mitigation

CVE-2024-37234 is an Open Redirect vulnerability discovered in the WordPress Academy LMS plugin, affecting versions up to 2.0.10. The vulnerability was identified by researcher Mochamad Sofyan and was disclosed on June 21, 2024. The issue affects the Academy LMS plugin developed by Kodezen Limited (Patchstack).

The vulnerability is classified as a URL Redirection to Untrusted Site ('Open Redirect') with a CVSS v3.1 base score of 3.5 (Low), and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N. The issue is tracked under CWE-601 (URL Redirection to Untrusted Site). The vulnerability requires subscriber-level privileges to exploit (Patchstack).

The vulnerability could allow a malicious actor to redirect users from one site to another due to insufficient validation of redirect URLs. Users could be tricked into visiting a legitimate site only to be redirected to a malicious site, potentially leading to phishing incidents (Patchstack).

The vulnerability has been fixed in version 2.0.11 of the Academy LMS plugin. Users are advised to update to version 2.0.11 or later to remediate the issue. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).