WordPress Plugin Vulnerabilities
WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF
Description
The plugin does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack
Proof of Concept
https://example.com/wp-admin/admin.php?page=wp-seo-redirect-301/seo_redirect_list.php&delete_id=12&delete_url=https://example.com/yolo delete_id is the post id, which is public and the delete_url is the URL that redirects to the destination. So an attacker has all the info to exploit it
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Francesco Carlucci
Submitter
Francesco Carlucci
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-10-11 (about 2 years ago)
Added
2021-10-11 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)