SB2020042907 - Privilege escalation in Quick Page/Post Redirect Plugin for WordPress




Published: April 29, 2020

Security Bulletin ID: SB2020042907
Severity: Medium
Patch available: NO
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper Privilege Management (CVE-ID: N/A)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a missing capability check and a weak security nonce. A remote authenticated attacker can interact with the plugin settings and create a redirect link that would forward all traffic to an external malicious website.

Redirections are performed via the 'Location' header.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.
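
With no vendor fix available, one way to spot the effect described above is to audit a site's responses for 'Location' headers that point off-site. The following is an added example, not part of the original bulletin or the plugin's code; the function names, the allowlist and the sample responses are constructed assumptions, and the responses are assumed to have been collected without following redirects.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def _host(url):
    """Lower-cased hostname of a URL, without a trailing dot."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_allowed(host, allowed_hosts):
    """True if host equals an allowed host or is a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def offsite_redirects(responses, allowed_hosts):
    """Return (request_url, status, resolved_target) for redirects leaving the site.

    responses: iterable of (request_url, status_code, headers_dict).
    """
    allowed = {a.lower() for a in allowed_hosts}
    findings = []
    for url, status, headers in responses:
        if status not in REDIRECT_CODES:
            continue
        # Header names are case-insensitive.
        location = next((v for k, v in headers.items() if k.lower() == "location"), None)
        if not location:
            continue
        # Resolve relative and scheme-relative ("//host/path") values first,
        # so the comparison is made on the host the browser would visit.
        target = urljoin(url, location.strip())
        if not is_allowed(_host(target), allowed):
            findings.append((url, status, target))
    return findings


# Constructed sample responses (hypothetical site "blog.example").
SAMPLE = [
    ("https://blog.example/about/", 200, {"Content-Type": "text/html"}),
    ("https://blog.example/old-post/", 301, {"Location": "/new-post/"}),
    ("https://blog.example/shop/", 302, {"location": "https://shop.blog.example/"}),
    ("https://blog.example/", 302, {"Location": "//redirect-target.invalid/landing"}),
    ("https://blog.example/contact/", 301,
     {"LOCATION": "https://blog.example.redirect-target.invalid/"}),
]

if __name__ == "__main__":
    for url, status, target in offsite_redirects(SAMPLE, ["blog.example"]):
        print(f"{status} {url} -> {target}")
```

The last sample entry shows why the check compares whole hostnames with a leading-dot suffix match: a target that merely starts with the site's name is still reported as off-site.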