WordPress Plugin Vulnerabilities

Seraphinite Accelerator < 2.2.29 - Authenticated Arbitrary Redirect

Description

The plugin does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect

Proof of Concept

Affects Plugins

Plugin icon
seraphinite-accelerator
Fixed in 2.2.29

References

CVE
CVE-2023-5610

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Erwan LR (WPScan)
Submitter
Erwan LR (WPScan)
Verified
Yes
WPVDB ID
e880a9fb-b089-4f98-9781-7d946f22777e

Timeline

Publicly Published
2023-10-27 (about 2 years ago)
Added
2023-10-27 (about 2 years ago)
Last Updated
2023-10-27 (about 2 years ago)

Other

Published
Title
Published
2020-08-12
Title
Ultimate Member < 2.1.7 - Unauthenticated Open Redirect
Published
2024-09-30
Title
ElementsReady Addons for Elementor 6.4.2 - Open Redirect
Published
2022-01-17
Title
Noptin < 1.6.5 - Open Redirect
Published
2025-06-12
Title
Automation By Autonami < 3.6.1 - Open Redirect
Published
2024-04-05
Title
OAuth Server < 4.4.0 - Open Redirect