WordPress Plugin Vulnerabilities

Redirection < 1.1.4 - Redirect Creation via CSRF

Description

The plugin does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack.

Proof of Concept

Affects Plugins

Plugin icon
redirect-redirection
Fixed in 1.1.4

References

CVE
CVE-2023-1330

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Mohamed Selim
Submitter
Mohamed Selim
Submitter website
https://facebook.com/caesareg
Verified
Yes
WPVDB ID
de4cff6d-0030-40e6-8221-fef56e12b4de

Timeline

Publicly Published
2023-03-10 (about 2 years ago)
Added
2023-03-10 (about 2 years ago)
Last Updated
2023-03-10 (about 2 years ago)

Other

Published
Title
Published
2022-11-30
Title
Advanced Coupons for WooCommerce Coupons < 4.5.0.1 - Notice Dismiss via CSRF
Published
2025-01-24
Title
Starter Templates < 4.4.10 - Cross-Site Request Forgery
Published
2022-06-30
Title
Image Slider < 1.1.123 - Arbitrary Post Duplication via CSRF
Published
2024-05-07
Title
Barcode Scanner with Inventory & Order Manager < 1.5.5 - Cross-Site Request Forgery
Published
2025-06-05
Title
Global Translator <= 2.0.2 - Cross-Site Request Forgery