WordPress Plugin Vulnerabilities

Seraphinite Accelerator < 2.2.29 - Authenticated Arbitrary Redirect

Description

The plugin does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect

Proof of Concept

Affects Plugins

Plugin icon
seraphinite-accelerator
Fixed in 2.2.29

References

CVE
CVE-2023-5610

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Erwan LR (WPScan)
Submitter
Erwan LR (WPScan)
Verified
Yes
WPVDB ID
e880a9fb-b089-4f98-9781-7d946f22777e

Timeline

Publicly Published
2023-10-27 (about 2 years ago)
Added
2023-10-27 (about 2 years ago)
Last Updated
2023-10-27 (about 2 years ago)

Other

Published
Title
Published
2025-03-27
Title
Scheduled & Automatic Order Status Controller for WooCommerce < 3.7.2 - Open Redirect
Published
2024-06-19
Title
Export WP Page to Static HTML/CSS < 2.2.3 - Open Redirect
Published
2021-08-25
Title
Nested Pages < 3.1.16 - Open Redirect
Published
2025-11-03
Title
WP Front User Submit < 5.0.0 - Open Redirect
Published
2023-10-06
Title
affiliate-toolkit – WordPress Affiliate Plugin < 3.4.0 - Open Redirect via atkpout.php