WordPress Plugin Vulnerabilities

Simple Mobile URL Redirect <= 1.7.2 - Cross-Site Request Forgery

Description

Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions.

Affects Plugins

Plugin icon
simple-mobile-url-redirect
No known fix

References

CVE
CVE-2023-23897
URL
https://patchstack.com/database/vulnerability/simple-mobile-url-redirect/wordpress-simple-mobile-url-redirect-plugin-1-7-2-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
d18e0c31-0272-41e3-a17e-bb98ba73d425

Timeline

Publicly Published
2023-03-20 (about 3 years ago)
Added
2023-07-10 (about 2 years ago)
Last Updated
2023-07-10 (about 2 years ago)

Other

Published
Title
Published
2025-12-31
Title
Custom Style <= 1.0 - Cross-Site Request Forgery
Published
2025-06-05
Title
Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant < 4.1.2 - Cross-Site Request Forgery
Published
2020-09-26
Title
Customizr < 4.3.1 - Arbitrary Settings Update via CSRF
Published
2024-10-22
Title
Transients Manager < 2.0.7 - Cross-Site Request Forgery
Published
2024-11-22
Title
Zajax – Ajax Navigation <= 0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting