#VU27419 Improper Privilege Management in Quick Page/Post Redirect Plugin
Published: April 29, 2020
Vulnerability identifier: #VU27419
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-269
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Quick Page/Post Redirect Plugin
Quick Page/Post Redirect Plugin
Software vendor:
anadnet
anadnet
Description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a lack of capability check and a weak security nonce. A remote authenticated attacker can interact with the plugin settings and create a redirect link that would forward all traffic to an external malicious website.
Redirections are performed via the 'Location' header".
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.