CSRF in the Clean Login plugin prior to 1.8 for WordPress allows remote malicious users to change the login redirect URL or logout redirect URL.
codection clean login 1.7.12