Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE | CVE | VULNERABILITY TITLE | RISK

2019-09-17 | CVE-2019-16393 | Open Redirect vulnerability in multiple products | 6.1
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
network | low complexity | spip debian canonical | CWE-601

2019-09-12 | CVE-2019-6009 | Open Redirect vulnerability in Ss-Proj Shirasagi | 6.1
Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network | low complexity | ss-proj | CWE-601

2019-09-12 | CVE-2019-6004 | Open Redirect vulnerability in Fujixerox products | 6.1
Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network | low complexity | fujixerox | CWE-601

2019-09-12 | CVE-2019-5978 | Open Redirect vulnerability in Cybozu Garoon | 6.1
Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.
network | low complexity | cybozu | CWE-601

2019-09-11 | CVE-2019-16220 | Open Redirect vulnerability in multiple products | 6.1
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash.
network | low complexity | wordpress debian | CWE-601

2019-09-06 | CVE-2019-14223 | Open Redirect vulnerability in Alfresco | 6.1
An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N.
network | low complexity | alfresco | CWE-601

2019-08-30 | CVE-2019-15820 | Open Redirect vulnerability in Login or Logout Menu Item Project Login or Logout Menu Item 1.0.0/1.1.0/1.1.1 | 6.1
The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication.

2019-08-30 | CVE-2019-15818 | Open Redirect vulnerability in Webcraftic Simple 301 Redirects | 6.1
The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist.
network | low complexity | webcraftic | CWE-601

2019-08-30 | CVE-2019-15816 | Open Redirect vulnerability in Wpexpertdeveloper WP Private Content Plus | 7.5
The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions.
network | low complexity | wpexpertdeveloper | CWE-601

2019-08-29 | CVE-2019-15771 | Open Redirect vulnerability in Components for WP Bakery Page Builder Project Components for WP Bakery Page Builder | 6.1
The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.