WordPress Plugin Vulnerabilities

Responsive Column Widgets <= 1.2.7 - Open Redirect via responsive_column_widgets_link

Description

The Responsive Column Widgets plugin for WordPress is vulnerable to Open Redirect in versions up to, and including, 1.2.7. This is due to insufficient validation on the redirect url supplied via the responsive_column_widgets_link parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Affects Plugins

Plugin icon
responsive-column-widgets
No known fix

References

CVE
CVE-2023-45762
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/a092266b-bd7f-424d-b8c4-d79e4811e6c9

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
Phd
Verified
No
WPVDB ID
c1c6a8f5-16e8-41b9-b365-dd8ac5556791

Timeline

Publicly Published
2023-10-12 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-01-11 (about 2 years ago)

Other

Published
Title
Published
2025-11-29
Title
Flexmls® IDX < 3.15.8 - Unauthenticated Open Redirect
Published
2025-05-07
Title
WP Gravity Forms Zendesk < 1.1.3 - Open Redirect
Published
2026-04-13
Title
User Registration & Membership < 5.1.5 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter
Published
2019-09-05
Title
WordPress 5.2.2 - Potential Open Redirect
Published
2025-03-11
Title
AS English Admin <= 1.0.0 - Open Redirection