WordPress Plugin Vulnerabilities

Redirects <= 1.2.1 - Missing Authorization

Description

The Redirects plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on tan unknown function in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
redirects
No known fix

References

CVE
CVE-2023-49845
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/903161b0-b64c-4986-8c94-b90221bc911b

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Skalucy
Verified
No
WPVDB ID
c559c368-92b9-4049-b3b7-8fbe2eae9a53

Timeline

Publicly Published
2023-12-06 (about 2 years ago)
Added
2023-12-10 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2025-02-03
Title
EAN for WooCommerce < 5.4.0 - Missing Authorization
Published
2026-04-08
Title
WP Directory Kit < 1.5.1 - Missing Authorization
Published
2026-02-09
Title
Business One Page < 1.3.3 - Missing Authorization
Published
2024-04-05
Title
AWP Classifieds < 4.3.2 - Missing Authorization
Published
2025-05-16
Title
AnyWhere Elementor Pro <= 2.29 - Missing Authorization