WordPress SEO Redirection Plugin plugin <= 8.9 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Description
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CSRF vulnerabilities in SEO Redirection Plugin <= 8.9 allow attackers to perform unauthorized actions via crafted requests.
Vulnerability
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities exist in the SEO Redirection Plugin – 301 Redirect Manager for WordPress, affecting versions 8.9 and earlier [1]. The plugin fails to properly validate or sanitize requests, allowing an attacker to trick an authenticated administrator into executing unwanted actions without their consent.
Exploitation
An attacker can craft a malicious link or webpage that, when visited by a logged-in WordPress administrator, triggers a forged request to the vulnerable plugin. The attack requires no direct network access to the server but relies on social engineering to lure the administrator into clicking the crafted link while authenticated. The CSRF token verification is missing or insufficient.
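The missing check described above, shown as an added example in WordPress PHP. This is hypothetical plugin code, not taken from SEO Redirection Plugin; every `demo_` name (functions, action, nonce field, option, admin page slug) is an assumption made for illustration.

```php
<?php
// Added illustration: hypothetical plugin code, not the SEO Redirection Plugin source.
// Every "demo_" identifier (functions, action, option, page slug) is assumed.

// Admin form: wp_nonce_field() embeds a token bound to the user, session and action.
function demo_render_redirect_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_save_redirect">
        <?php wp_nonce_field( 'demo_save_redirect', 'demo_nonce' ); ?>
        <input type="text" name="source" placeholder="/old-path">
        <input type="url" name="target" placeholder="https://example.com/new-path">
        <?php submit_button( 'Save redirect' ); ?>
    </form>
    <?php
}

// BEFORE (shown for contrast, never registered): the handler trusts the admin's
// session cookie alone, so a request submitted from any other site is accepted.
function demo_save_redirect_unsafe() {
    $rules = get_option( 'demo_redirect_rules', array() );
    $rules[ $_POST['source'] ] = $_POST['target'];
    update_option( 'demo_redirect_rules', $rules );
}

// AFTER: capability check, nonce check, then input handling.
function demo_save_redirect() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Ends the request with a 403 unless demo_nonce is valid for this action.
    check_admin_referer( 'demo_save_redirect', 'demo_nonce' );

    $source = sanitize_text_field( wp_unslash( $_POST['source'] ?? '' ) );
    $target = esc_url_raw( wp_unslash( $_POST['target'] ?? '' ) );
    if ( '' === $source || '' === $target ) {
        wp_die( 'Both fields are required.', '', array( 'response' => 400 ) );
    }

    $rules            = get_option( 'demo_redirect_rules', array() );
    $rules[ $source ] = $target;
    update_option( 'demo_redirect_rules', $rules );

    wp_safe_redirect( admin_url( 'options-general.php?page=demo-redirects&saved=1' ) );
    exit;
}
add_action( 'admin_post_demo_save_redirect', 'demo_save_redirect' );
```

The nonce check and the capability check answer different questions: the first confirms the request came from the plugin's own form, the second that the user may change the setting at all.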
Impact
Successful exploitation enables an attacker to perform any action the administrator is authorized to do within the plugin, such as modifying redirect rules, deleting settings, or changing configuration. This can lead to redirection of site traffic to malicious sites, SEO manipulation, or disruption of normal site operation. The impact is limited to actions available within the plugin's admin interface [1].
Mitigation
The vendor released version 9.17, which updates the plugin and presumably addresses these vulnerabilities [1]. Users should upgrade to the latest version immediately. There are no known workarounds for older versions; updating is the recommended mitigation.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: <=8.9
- WP-buy/SEO Redirection Plugin – 301 Redirect Manager (WordPress plugin), v5, Range: <= 8.9
Patches (0)
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.