WordPress Plugin Vulnerabilities

Redirection < 2.8 - Authenticated Local File Inclusion

Description

The Redirection WordPress plugin was affected by an Authenticated Local File Inclusion security vulnerability.

Affects Plugins

Plugin icon
redirection
Fixed in 2.8

References

URL
https://advisories.dxw.com/advisories/ace-file-inclusion-redirection/
URL
https://seclists.org/fulldisclosure/2018/Jun/29

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
Ryan
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
05f8bb60-7b66-4691-9519-ff9aa5fbe95d

Timeline

Publicly Published
2018-06-12 (about 7 years ago)
Added
2018-06-13 (about 7 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-06-20
Title
WishList Member X < 3.26.7 - Authenticated (Subscriber+) Arbitrary File Deletion
Published
2018-09-19
Title
Localize My Post 1.0 - Unauthenticated Local File Inclusion (LFI)
Published
2026-03-19
Title
ilGhera Carta Docente for WooCommerce < 1.5.1 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' Parameter
Published
2015-04-13
Title
WP Mobile Edition < 2.3 - Remote File Disclosure
Published
2025-09-26
Title
Workreap < 3.3.6 - Authenticated (Subscriber+) Arbitrary File Deletion