
Cloud Vulnerability DB
A community-led vulnerabilities database
A URL Redirection to Untrusted Site ('Open Redirect') vulnerability was discovered in the Akshar Soft Solutions AS English Admin WordPress plugin, affecting versions through 1.0.0. The vulnerability was reported by Abdi Pranata on February 24, 2025, and was officially published on March 11, 2025, receiving the identifier CVE-2025-28896 (Patchstack).
The vulnerability is classified as an Open Redirect issue under CWE-601. It received a CVSS v3.1 base score of 4.7 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N. Per that vector, it can be exploited over the network without authentication (PR:N), which lowers the barrier to exploitation, although user interaction is required (UI:R) (NVD, Patchstack).
The vulnerability allows malicious actors to redirect users from legitimate sites to potentially malicious ones due to insufficient validation of redirect URLs. This could facilitate phishing attacks by initially presenting users with a legitimate site before redirecting them to a malicious destination (Patchstack).
As of the vulnerability disclosure, no official fix has been released for the AS English Admin plugin. Given the security implications, users are advised to consider alternative plugins or implement additional security controls to prevent unauthorized redirects (Patchstack).
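One possible "additional security control" on a WordPress site, as an added example that is not code from the plugin, Patchstack or this database: a must-use plugin that forces every `wp_redirect()` target through WordPress's own `wp_validate_redirect()` allow-list. It assumes the plugin's redirect goes through `wp_redirect()` (the page does not say); the file name, the `RHG_EXTRA_HOSTS` constant and the sample host are hypothetical.

```php
<?php
/**
 * Plugin Name: Redirect Host Guard (added example, hypothetical)
 *
 * Install as wp-content/mu-plugins/redirect-host-guard.php.
 * Assumption: the vulnerable code path calls wp_redirect(). A raw
 * header( 'Location: ...' ) call never reaches this filter.
 */

// Off-site hosts this site legitimately redirects to (constructed sample value).
const RHG_EXTRA_HOSTS = array( 'sso.example.com' );

// Extend the host allow-list that wp_validate_redirect() consults.
// The site's own host is always allowed by WordPress itself.
add_filter( 'allowed_redirect_hosts', function ( $hosts ) {
	return array_unique( array_merge( $hosts, RHG_EXTRA_HOSTS ) );
} );

// wp_redirect() passes its target through this filter before sending
// the Location header, so the check covers every caller, not only
// code that already uses wp_safe_redirect().
add_filter( 'wp_redirect', function ( $location, $status ) {
	if ( '' === (string) $location ) {
		return $location; // Nothing to validate; wp_redirect() will bail out.
	}

	// Returns the sanitized target if its host is allowed, otherwise the
	// fallback. An empty fallback lets us tell "rejected" from "allowed".
	$checked = wp_validate_redirect( $location, '' );
	if ( '' !== $checked ) {
		return $checked;
	}

	// Rejected: record the attempt for detection, then stay on-site.
	$request = isset( $_SERVER['REQUEST_URI'] )
		? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) )
		: '-';
	error_log( sprintf(
		'redirect-host-guard: blocked redirect to "%s" (request: %s)',
		sanitize_text_field( $location ),
		$request
	) );
	return home_url( '/' );
}, 10, 2 );
```

Any legitimate off-site redirect (payment provider, SSO, CDN) must be added to the allow-list before deploying, or it will be sent to the home page as well. The logged lines give a signal for spotting links that abuse the redirect.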
Source: This report was generated using AI