CVE-2026-39484 PUBLISHED

WordPress Hide My WP Ghost plugin < 7.0.00 - Open Redirection vulnerability

Assigner: Patchstack
Reserved: 07.04.2026 Published: 08.04.2026 Updated: 08.04.2026

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through < 7.0.00.

Product Status

Vendor	John Darrel
Product	Hide My WP Ghost
Versions	Default: unaffected affected from 0 to 7.0.00 (incl.)

Credits

Or Benit | Patchstack Bug Bounty Program finder

References

https://patchstack.com/database/Wordpress/Plugin/hide-my-wp/vulnerability/wordpress-hide-my-wp-ghost-plugin-7-0-00-open-redirection-vulnerability?_s_id=cve

Problem Types

URL Redirection to Untrusted Site ('Open Redirect') CWE

Impacts

Phishing