cleantalk
Vulnerabilities and Security Researches

WP-Redirection, CVE-2026-7562

CVE, Research URL

CVE-2026-7562

Home page URL

Security reports for WP-Redirection

Application

WP-Redirection

Published on
May 12, 2026
Research Description
The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form and the lack of any nonce verification (via check_admin_referer() or wp_verify_nonce()) in the displayWPRedirectionManagementPage() function before processing POST requests that add, edit, or delete URL redirection rules. This makes it possible for unauthenticated attackers to trick a logged-in administrator into clicking a crafted link, causing the attacker to create, modify, or delete redirection records in the plugin's database table without the administrator's consent.
Affected versions
max 1.0.3.
Status
vulnerable
Previous vulnerability researches
Advanced Product Search for WooCommerce – Motive Commerce Search (CVE-2026-42664) , May 13, 2026
New vulnerability
Shortcodely (CVE-2026-6913) , May 14, 2026
Graphic Web Design, Inc. Manager (CVE-2026-6663) , May 14, 2026
Forms Rb (CVE-2026-7050) , May 14, 2026
Fancy Image Show (CVE-2026-5340) , May 14, 2026
Coinbase Commerce for Contact Form 7 (CVE-2026-6709) , May 14, 2026