WordPress Plugin Vulnerabilities

Redirection < 1.1.5 - Plugin Reset via CSRF

Description

The plugin does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack.

Proof of Concept

Affects Plugins

Plugin icon
redirect-redirection
Fixed in 1.1.5

References

CVE
CVE-2023-1331

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
6.3 (medium)

Miscellaneous

Original Researcher
Mohamed Selim
Submitter
Mohamed Selim
Submitter website
https://facebook.com/caesareg
Verified
Yes
WPVDB ID
f81d9340-cf7e-46c4-b669-e61f2559cb8c

Timeline

Publicly Published
2023-03-21 (about 2 years ago)
Added
2023-03-21 (about 2 years ago)
Last Updated
2023-03-21 (about 2 years ago)

Other

Published
Title
Published
2025-10-02
Title
Attractive Donations System - Easy Stripe & Paypal donations <= 1.25 - Cross-Site Request Forgery
Published
2025-02-17
Title
MemorialDay < 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-04-11
Title
Listings for Buildium < 0.1.6 - Stored XSS via CSRF
Published
2021-07-06
Title
WPCS < 1.1.7 - Arbitrary Plugin's Settings Change via CSRF
Published
2023-11-28
Title
Chat Bubble <= 2.4 - Settings Update via CSRF