What the vulnerability does
01 Description
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy 404 Image Redirection (Replace Broken Images) broken-images-redirection allows Cross Site Request Forgery. This issue affects 404 Image Redirection (Replace Broken Images): from n/a through <= 1.4.
Explanation of Vulnerability in Simple Terms
02 Summary
The 404 Image Redirection plugin for WordPress contains a cross-site request forgery (CSRF) vulnerability in versions 1.4 and earlier. An attacker can craft a malicious link or page that, when visited by a logged-in site administrator, performs unwanted actions on the plugin's settings without the administrator's knowledge or consent. This could allow modification of plugin configuration or other administrative functions.
What an attacker can do
03 Attacker Capabilities
Trick a site admin into visiting a malicious page that changes plugin settings or performs admin actions without their consent.
Potential impact on your site
04 Site Impact
Plugin settings could be altered by attackers without your knowledge if you visit a malicious link while logged in.
Conditions required to exploit
05 Prerequisites
An admin must visit an attacker-controlled page while logged in to WordPress; no special plugin configuration is required.
Key dates
06 Disclosure timeline
April 4, 2025: CVE published
April 28, 2026: Record updated