Redirection Security Vulnerabilities

CVE-2023-23990

Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through...

CVE-2024-30506

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Stored XSS.This issue affects All In One Redirection: from n/a through...

CVE-2023-3977

Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for...

CVE-2023-0958

Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with...

CVE-2023-2493

The All In One Redirection WordPress plugin before 2.2.0 does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as...

CVE-2023-1331

The Redirection WordPress plugin before 1.1.5 does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF...

CVE-2023-1330

The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF...

CVE-2023-23899

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin...

CVE-2022-40695

Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on...

CVE-2021-36913

Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin)...

CVE-2022-38704

Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection...

CVE-2022-0250

The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site...

CVE-2021-24847

The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is...

CVE-2021-24327

The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS...

CVE-2021-24325

The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin through 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or escaped before being output in an...

CVE-2021-24324

The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting...

CVE-2021-24280

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP...

CVE-2021-24281

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the delete_action_post AJAX action to delete any post on a target...

CVE-2021-24282

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. For example, an attacker could use wpcf7r_reset_settings to reset the plugin’s settings, wpcf7r_add_action.....

CVE-2021-24278

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress...

CVE-2021-24279

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, low level users, such as subscribers, could use the import_from_debug AJAX action to install any plugin from the WordPress...

CVE-2021-24187

The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an...

CVE-2011-5329

The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than...

CVE-2012-6717

The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than...

CVE-2018-1000504

Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appear to be exploitable via Attacker must be have access to an admin account on the target site. This...

CVE-2018-1000509

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appear to be exploitable via Attacker must have access to admin account. This....

CVE-2015-1580

Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3)...