CVE-2025-1488

Name of the Vulnerable Software and Affected Versions WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress versions up to and including 3.2

Description The issue is related to insufficient validation on the redirect url supplied via the redirect to parameter, making it possible for unauthenticated attackers to redirect users to potentially malicious sites. This can happen if attackers can trick users into performing an action and the plugin is activated but not configured.

Recommendations For versions up to and including 3.2, as a temporary workaround, consider restricting access to the redirect to parameter to minimize the risk of exploitation. Avoid using the redirect to parameter in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.