CVE-2025-30781
📋 TL;DR
This vulnerability allows attackers to redirect users from legitimate WooCommerce order status pages to malicious websites through crafted URLs. It affects all WordPress sites using the Scheduled & Automatic Order Status Controller for WooCommerce plugin. Attackers can exploit this to conduct phishing attacks by tricking users into visiting fake login pages or malware distribution sites.
💻 Affected Systems
- Scheduled & Automatic Order Status Controller for WooCommerce
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Successful phishing campaigns leading to credential theft, financial fraud, or malware infections across the entire customer base.
Likely Case
Targeted phishing attacks against customers, potentially compromising their accounts and payment information.
If Mitigated
Limited impact with proper user education and browser security warnings about redirects.
🎯 Exploit Status
Open redirect vulnerabilities are commonly exploited in phishing campaigns and require minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 3.7.1
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'Scheduled & Automatic Order Status Controller for WooCommerce'
4. Click 'Update Now' if available
5. If no update available, deactivate and delete the plugin
6. Install latest version from WordPress repository
🔧 Temporary Workarounds
Plugin Deactivation
allTemporarily disable the vulnerable plugin until patched version is available
wp plugin deactivate order-status-rules-for-woocommerce
Web Application Firewall Rule
allBlock redirects to external domains from order status pages
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to restrict redirects
- Monitor web server logs for suspicious redirect patterns and unusual outbound traffic
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Scheduled & Automatic Order Status Controller for WooCommerce' version 3.7.1 or earlierCheck Version:
wp plugin get order-status-rules-for-woocommerce --field=versionVerify Fix Applied:
Verify plugin version is higher than 3.7.1 in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- HTTP 302/301 redirects from /wp-admin/admin-ajax.php or order status pages to external domains
- Unusual referrer patterns in access logs
Network Indicators:
- Outbound connections to suspicious domains following order status page visits
- Redirect chains ending in phishing-looking domains
SIEM Query:
event.category:web AND http.response.status_code:(301 OR 302) AND url.path:*admin-ajax* AND url.query:*redirect*