WordPress Plugin Vulnerabilities

Parcel Pro < 1.6.12 - Open Redirect

Description

The plugin does not validate the redirect parameter before redirecting the user to its value, leading to an Open Redirect issue

Affects Plugins

Plugin icon
woo-parcel-pro
Fixed in 1.6.12

References

CVE
CVE-2023-46624
URL
https://patchstack.com/database/vulnerability/woo-parcel-pro/wordpress-parcel-pro-plugin-1-6-3-open-redirection-vulnerability

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
Nguyen Xuan Chien
Verified
No
WPVDB ID
26a42181-7aa9-4fa2-bb77-31335cbc911f

Timeline

Publicly Published
2023-10-25 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-12-07 (about 2 years ago)

Other

Published
Title
Published
2021-02-16
Title
Ninja Forms < 3.4.34 - Administrator Open Redirect
Published
2025-10-21
Title
WP Gravity Forms Zoho CRM and Bigin < 1.2.9 - Open Redirect
Published
2014-05-07
Title
Prostore < 1.1.3 - Open Redirection
Published
2023-10-27
Title
Seraphinite Accelerator < 2.2.29 - Authenticated Arbitrary Redirect
Published
2021-06-14
Title
wpForo Forum < 1.9.7 - Open Redirect