CVE-2025-68602
📋 TL;DR
This CVE describes an open redirect vulnerability in the WordPress 'Accept Donations with PayPal' plugin. Attackers can craft malicious URLs that redirect users to phishing sites when clicked. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- WordPress Accept Donations with PayPal Plugin (easy-paypal-donation)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Users are redirected to convincing phishing sites that steal login credentials, payment information, or install malware.
Likely Case
Attackers use the vulnerability in phishing campaigns to redirect users to fake PayPal or donation pages to steal credentials.
If Mitigated
With proper user education about suspicious links and browser security warnings, impact is limited to user confusion.
🎯 Exploit Status
Open redirect vulnerabilities are commonly exploited in phishing campaigns and require minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.5.1
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Accept Donations with PayPal'. 4. Click 'Update Now' if available. 5. If no update is available, deactivate and delete the plugin.
🔧 Temporary Workarounds
Disable Plugin
allTemporarily deactivate the vulnerable plugin until patched.
wp plugin deactivate easy-paypal-donation
Web Application Firewall Rule
allBlock redirects to external domains from the plugin's endpoints.
🧯 If You Can't Patch
- Deactivate and remove the plugin entirely
- Implement strict Content Security Policy (CSP) headers to restrict redirects
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for 'Accept Donations with PayPal' version 1.5.1 or earlier.Check Version:
wp plugin get easy-paypal-donation --field=versionVerify Fix Applied:
Verify plugin version is greater than 1.5.1 or plugin is removed.📡 Detection & Monitoring
Log Indicators:
- HTTP 302 redirects from plugin endpoints to external domains
- Unusual traffic patterns to /wp-content/plugins/easy-paypal-donation/
Network Indicators:
- Redirects from your domain to suspicious external URLs
- Phishing campaign emails containing your domain with redirect parameters
SIEM Query:
url.path:"/wp-content/plugins/easy-paypal-donation/" AND http.status_code:302 AND NOT url.domain:yourdomain.com