ThreatPress

WordPress Vulnerabilities Database

Back

WordPress 301 Redirects plugin <= 2.40 - Authenticated Arbitrary Redirect Injection, XSS, and CSRF vulnerabilities

Product
301 Redirects
Description
Authenticated Arbitrary Redirect Injection, XSS, and CSRF vulnerabilities found by Chloe Chamberland in WordPress 301 Redirects plugin (versions <= 2.40).
Solution
Update the WordPress 301 Redirects plugin to the latest available version (at least 2.45).
Classification
Type Multi
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 2.40
Fixed In 2.45
Disclosure date
2019-12-20
Credits
Chloe Chamberland
Submitter
ThreatPress