Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-11 | CVE-2019-16220 | Open Redirect vulnerability in multiple products In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash. | 6.1 |
| 2019-09-06 | CVE-2019-14223 | Open Redirect vulnerability in Alfresco An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. | 6.1 |
| 2019-08-30 | CVE-2019-15820 | Open Redirect vulnerability in Login or Logout Menu Item Project Login or Logout Menu Item 1.0.0/1.1.0/1.1.1 The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication. | 6.1 |
| 2019-08-30 | CVE-2019-15818 | Open Redirect vulnerability in Webcraftic Simple 301 Redirects The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist. | 6.1 |
| 2019-08-30 | CVE-2019-15816 | Open Redirect vulnerability in Wpexpertdeveloper WP Private Content Plus The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. | 7.5 |
| 2019-08-29 | CVE-2019-15771 | Open Redirect vulnerability in Components for WP Bakery Page Builder Project Components for WP Bakery Page Builder The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | 6.1 |
| 2019-08-29 | CVE-2019-15776 | Open Redirect vulnerability in Webcraftic Simple 301 Redirects-Addon-Bulk Uploader The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file. | 6.1 |
| 2019-08-29 | CVE-2019-15775 | Open Redirect vulnerability in Learning Courses Project Learning Courses The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | 6.1 |
| 2019-08-29 | CVE-2019-15774 | Open Redirect vulnerability in Booking Project Booking The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | 6.1 |
| 2019-08-29 | CVE-2019-15773 | Open Redirect vulnerability in Travel Management Project Travel Management The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | 6.1 |