Redirection
by Inisev
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-3977 | Med | 0.21 | 4.3 | 0.01 | Jul 28, 2023 | Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it… | ||
| CVE-2023-0958 | Med | 0.21 | 4.3 | 0.01 | Jul 28, 2023 | Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for… | ||
| CVE-2023-1331 | 0.00 | — | 0.00 | Apr 17, 2023 | The Redirection WordPress plugin before 1.1.5 does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack. | |||
| CVE-2023-1330 | 0.00 | — | 0.00 | Apr 3, 2023 | The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack. | |||
| CVE-2022-38704 | 0.00 | — | 0.00 | Sep 23, 2022 | Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history. | |||
| CVE-2011-5329 | 0.00 | — | 0.01 | Aug 28, 2019 | The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562. | |||
| CVE-2012-6717 | 0.00 | — | 0.01 | Aug 28, 2019 | The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562. |
- risk 0.21cvss 4.3epss 0.01
Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it…
- risk 0.21cvss 4.3epss 0.01
Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for…
- CVE-2023-1331Apr 17, 2023risk 0.00cvss —epss 0.00
The Redirection WordPress plugin before 1.1.5 does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack.
- CVE-2023-1330Apr 3, 2023risk 0.00cvss —epss 0.00
The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack.
- CVE-2022-38704Sep 23, 2022risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.
- CVE-2011-5329Aug 28, 2019risk 0.00cvss —epss 0.01
The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562.
- CVE-2012-6717Aug 28, 2019risk 0.00cvss —epss 0.01
The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562.