Redirection <= 3.6.2 – Cross-Site Request Forgery (CSRF)

Affects Plugins

redirection

Fixed in 3.6.3

References

URL

https://www.ripstech.com/php-security-calendar-2018/

URL

https://plugins.trac.wordpress.org/changeset/1974375/redirection

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

Miscellaneous

Original Researcher

RIPS Technologies

Submitter

Ryan Dewhurst

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

4209cf3b-1778-4ac2-b778-3bd5526b681d

Timeline

Publicly Published

2018-12-05 (about 7 years ago)

Added

2018-12-06 (about 7 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2024-12-12

Title

Jet Footer Code <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2023-05-15

Title

WooCommerce Product Recommendations < 2.3.0 - CSRF

Published

2025-09-22

Title

Current Age Plugin < 1.7 - Cross-Site Request Forgery

Published

2025-01-16

Title

Book a Place <= 0.7.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2021-09-07

Title

Weather Effect < 1.3.4 - CSRF to Stored Cross-Site Scripting