WordPress Plugin Vulnerabilities

SEO Redirection < 9.1 - 404 Error & History Deletion via CSRF

Description

The plugin does not have CSRF check when deleting 404 errors and history, which could allow attackers to make logged in admins delete them via CSRF attacks

Affects Plugins

Plugin icon
seo-redirection
Fixed in 9.1

References

CVE
CVE-2022-38704

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
d3820720-126e-46af-98c1-b6ecfd76fd53

Timeline

Publicly Published
2022-09-23 (about 3 years ago)
Added
2022-09-25 (about 3 years ago)
Last Updated
2022-09-25 (about 3 years ago)

Other

Published
Title
Published
2024-11-28
Title
WP Revisions Manager <= 1.0.2 - Cross-Site Request Forgery
Published
2021-08-18
Title
Jock on air now < 5.6.2 - Arbitrary Plugin's Settings Update via CSRF
Published
2025-11-03
Title
Visit Counter 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-10-26
Title
DoFollow Case by Case < 3.6.0 - Cross-Site Request Forgery
Published
2025-05-07
Title
GPT3 AI Content Writer < 1.9.15 - Cross-Site Request Forgery