Risk | Medium |
Patch available | NO |
Number of vulnerabilities | 1 |
CVE-ID | N/A |
CWE-ID | CWE-269 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Quick Page/Post Redirect Plugin Web applications / Modules and components for CMS |
Vendor | anadnet |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU27419
Risk: Medium
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a lack of capability check and a weak security nonce. A remote authenticated attacker can interact with the plugin settings and create a redirect link that would forward all traffic to an external malicious website.
Redirections are performed via the 'Location' header".
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsQuick Page/Post Redirect Plugin: 1.3 - 5.1.9
External linkshttp://wpvulndb.com/vulnerabilities/10198/
http://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-wordpress-quick-page-post-redirect-plugin-unpatched/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.