CVE-2025-39597: 
WordPress vulnerability analysis and mitigation

URL Redirection to Untrusted Site ('Open Redirect') vulnerability affects Arthur Yarwood Fast eBay Listings plugin through version 2.12.15. The vulnerability was discovered and reported by Nguyen Xuan Chien on March 29, 2025, and was publicly disclosed on April 16, 2025 (Patchstack).

The vulnerability is classified as an Open Redirect issue with a CVSS v3.1 Base Score of 4.7 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N. The vulnerability is tracked as CWE-601 (URL Redirection to Untrusted Site). The issue allows attackers to redirect users from one site to another due to insufficient validation of redirect URLs (Patchstack).

This vulnerability could allow malicious actors to redirect users from legitimate sites to malicious ones. Users could be tricked into visiting a legitimate site only to be redirected to a malicious site, potentially leading to phishing incidents (Patchstack).

The vulnerability has been fixed in version 2.12.16 of the Fast eBay Listings plugin. Users are advised to update to this version or later to remove the vulnerability. For Patchstack users, enabling auto-update for vulnerable plugins is recommended (Patchstack).