CVE-2024-47648: 
WordPress vulnerability analysis and mitigation

A URL Redirection to Untrusted Site ('Open Redirect') vulnerability was discovered in EventPrime WordPress plugin affecting versions through 4.0.4.5. The vulnerability was identified on September 30, 2024, and was assigned CVE-2024-47648. The issue allows unauthenticated attackers to perform open redirect attacks due to improper URL validation (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) by NVD with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. Patchstack has assigned it a slightly lower CVSS score of 4.7 (Medium) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N. The vulnerability is classified as CWE-601: URL Redirection to Untrusted Site (NVD).

The vulnerability could allow malicious actors to redirect users from legitimate sites to malicious ones, potentially leading to phishing incidents. When users visit what appears to be a legitimate site, they could be redirected to a malicious site without proper validation (Patchstack).

The vulnerability has been fixed in EventPrime version 4.0.4.6. Users are advised to update to this version or later to remove the vulnerability. The security issue is considered to have a low severity impact and is unlikely to be exploited (Patchstack).