WCCP Pro - Open Redirect (CVE-2024-6690)
8Exploiting IPs reported
The WCCP Pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites
CrowdSec analysis
CVE-2024-6690 is an open-redirect vulnerability in the WCCP Pro WordPress plugin prior to version 15.3, which allows attackers to redirect users to malicious external sites via the referrer parameter. This flaw can be exploited for phishing attacks or to trick users into visiting harmful websites, potentially leading to credential theft or further compromise.
CrowdSec has been tracking this vulnerability and its exploits since 26th of November 2025.
Data from the CrowdSec community indicates that exploitation of CVE-2024-6690 is highly selective and intelligence-driven. Threat actors use advanced reconnaissance and carefully choose their targets, often as part of sophisticated campaigns or advanced persistent threat operations. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2024-6690 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2024-6690 is currently experiencing high visibility and active exploitation across the internet.
Attackers exploit the /wp-content/plugins/wccp-pro/no-js.php endpoint by supplying a crafted referrer parameter to redirect users to external domains, enabling phishing or malware delivery.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Common Weakness Enumeration (CWE)
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.