WordPress Plugin Vulnerabilities

WP Directory Kit < 1.2.0 - Open Redirect

Description

The plugin does not sufficiently validate redirect URL's, leading to an Open Redirect vulnerability.

Affects Plugins

Plugin icon
wpdirectorykit
Fixed in 1.2.0

References

CVE
CVE-2023-31229

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Nguyen Xuan Chien
Verified
No
WPVDB ID
58309bc7-fbaf-45d2-a7b3-29e8a4d4c933

Timeline

Publicly Published
2023-04-27 (about 2 years ago)
Added
2023-06-13 (about 2 years ago)
Last Updated
2023-06-13 (about 2 years ago)

Other

Published
Title
Published
2025-04-17
Title
Sassy Social Share < 3.3.74 - Open Redirect
Published
2024-04-05
Title
App Builder < 3.8.8 - Open Redirection
Published
2016-04-25
Title
The Events Calendar <= 4.1.1 - Open Redirect
Published
2014-08-07
Title
Feed Statistics < 4.0 - Open Redirect
Published
2025-10-10
Title
CM Registration – Tailored tool for seamless login and invitation-based registrations < 2.5.7 - Open Redirect