| CVE-2025-14153 | Page Expire Popup/Redirection for WordPress <= 1.0 - Authenticated (Author+) SQL Injection via 'id' Shortcode Attribute | vikasratudi | Page Expire Popup/Redirection for WordPress | Medium | 6.5 | 2026-01-06 03:21:40 | Deep Dive |
| CVE-2025-14800 | Redirection for Contact Form 7 <= 3.2.7 - Unauthenticated Arbitrary File Copy via move_file_to_upload | themeisle | Redirection for Contact Form 7 | High | 8.1 | 2025-12-21 07:31:11 | Deep Dive |
| CVE-2025-9562 | Redirection for Contact Form 7 <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via qs_date Shortcode | themeisle | Redirection for Contact Form 7 | Medium | 6.4 | 2025-10-18 06:42:47 | Deep Dive |
| CVE-2025-58261 | WordPress Mavis HTTPS to HTTP Redirection Plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) Vulnerability | PressPage Entertainment Inc | Mavis HTTPS to HTTP Redirection | High | 7.1 | 2025-09-22 18:23:21 | Deep Dive |
| CVE-2025-8141 | Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated Arbitrary File Deletion | themeisle | Redirection for Contact Form 7 | High | 8.8 | 2025-08-20 01:44:37 | Deep Dive |
| CVE-2025-8289 | Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization | themeisle | Redirection for Contact Form 7 | High | 7.5 | 2025-08-20 01:44:36 | Deep Dive |
| CVE-2025-8145 | Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated PHP Object Injection | themeisle | Redirection for Contact Form 7 | High | 8.8 | 2025-08-20 01:44:36 | Deep Dive |
| CVE-2025-50173 | Windows Installer Elevation of Privilege Vulnerability | Microsoft | Multimedia Redirection Installer | High | 7.8 | 2025-08-12 17:10:09 | Deep Dive |
| CVE-2025-7645 | Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) <= 3.2.8 - Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion | htplugins | Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) | High | 8.1 | 2025-07-22 06:38:50 | Deep Dive |
| CVE-2025-32266 | WordPress 404 Image Redirection (Replace Broken Images) plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability | wp-buy | 404 Image Redirection (Replace Broken Images) | Medium | 4.3 | 2025-04-04 15:59:41 | Deep Dive |
| CVE-2025-1502 | IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export | ip2location | IP2Location Redirection | Medium | 5.3 | 2025-03-01 06:39:28 | Deep Dive |
| CVE-2024-13422 | SEO Blogger to WordPress Migration using 301 Redirection <= 0.4.8 - Reflected Cross-Site Scripting | suhas93 | SEO Blogger to WordPress Migration using 301 Redirection | Medium | 6.1 | 2025-01-23 11:13:29 | Deep Dive |
| CVE-2025-23681 | WordPress REDIRECTION PLUS plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | tahminajannat | REDIRECTION PLUS | High | 7.1 | 2025-01-22 14:29:18 | Deep Dive |
| CVE-2023-39920 | WordPress Redirection for Contact Form 7 plugin <= 2.9.2 - Broken Access Control vulnerability | Themeisle | Redirection for Contact Form 7 | 高危 | - | 2024-12-13 14:23:59 | Deep Dive |
| CVE-2024-11341 | Simple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site Redirect | agencenous | Simple Redirection | Medium | 4.3 | 2024-12-05 09:23:06 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-47354 | WordPress Simple Membership After Login Redirection plugin <= 1.6 - Open Redirection vulnerability | wp.insider | Simple Membership After Login Redirection | Medium | 4.7 | 2024-10-10 18:09:14 | Deep Dive |
| CVE-2024-37245 | WordPress All In One Redirection plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability | Vsourz Digital | All In One Redirection | High | 7.1 | 2024-07-22 09:08:51 | Deep Dive |
| CVE-2023-23990 | WordPress Redirection for Contact Form 7 plugin <= 2.7.0 - Privilege Escalation vulnerability | Qube One Ltd. | Redirection for Contact Form 7 | High | 7.6 | 2024-05-17 06:33:39 | Deep Dive |
| CVE-2024-30506 | WordPress All In One Redirection plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability | Vsourz Digital | All In One Redirection | High | 7.1 | 2024-03-29 14:13:12 | Deep Dive |