Unvalidated Redirects and Forwards

Unvalidated redirects and forwards are possible when a web application accepts untrusted input and uses it as the destination URL of a redirect or forward. By changing that untrusted URL input to point to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.


  1. https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
  2. https://cwe.mitre.org/data/definitions/601.html
  3. https://developers.google.com/search/blog/2009/01/open-redirect-urls-is-your-site-being
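
The destination check whose absence defines this weakness, as an added example in plain PHP (the listed components are WordPress plugins); it is not code from any of those plugins. The function name, the allow-listed hosts and the sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hosts this site is willing to redirect to (constructed sample values).
const ALLOWED_HOSTS = ['shop.example.test', 'accounts.example.test'];

/**
 * Return $target if it is a safe redirect destination, otherwise $fallback.
 * Safe means a same-site absolute path, or an http(s) URL on an allow-listed host.
 */
function safe_redirect_target(string $target, string $fallback = '/'): string
{
    // Browsers normalise control characters, whitespace and backslashes
    // differently from parse_url(), so reject them outright.
    if ($target === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $target)) {
        return $fallback;
    }
    // Same-site path: exactly one leading slash. "//host" is scheme-relative
    // and would leave the site.
    if ($target[0] === '/') {
        return (strlen($target) > 1 && $target[1] === '/') ? $fallback : $target;
    }
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback; // relative, malformed, or a scheme with no host
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback; // userinfo can disguise the real host
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    // Exact host comparison; substring or suffix matching can be bypassed.
    return in_array(strtolower($parts['host']), ALLOWED_HOSTS, true) ? $target : $fallback;
}

// Constructed sample inputs: the first two are accepted, the rest fall back to "/".
$samples = [
    '/account/orders?page=2',
    'https://shop.example.test/cart',
    '//other.example.net/login',
    'https://shop.example.test@other.example.net/',
    'https://shop.example.test.other.example.net/',
    'javascript:alert(1)',
];
foreach ($samples as $s) {
    printf("%-48s => %s\n", $s, safe_redirect_target($s));
}
```

In WordPress code, the core functions `wp_safe_redirect()` and `wp_validate_redirect()` serve the same purpose.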

List of Unvalidated Redirects and Forwards Flaws

| Status | Component | Name | Version | Disclosed By | Disclosure Date | Access Level | CVE-Number |
|---|---|---|---|---|---|---|---|
| | wp-plugin | wp-symposium | 13.12 | Anantshri | 2014/07/07 | Contributor | Not Assigned |
| | wp-plugin | daily-inspiration-generator | 2 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
| | wp-plugin | gdeslon-affiliate-shop | 2 | Prajalkulkarni | 2014/05/25 | Unauthenticated | Not Assigned |