Improper Privilege Management in Quick Page/Post Redirect Plugin - #VU27419
Published: April 29, 2020
Vulnerability identifier: #VU27419
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-269
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: anadnet
Affected software:
Quick Page/Post Redirect Plugin
Quick Page/Post Redirect Plugin
Detailed vulnerability description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a lack of capability check and a weak security nonce. A remote authenticated attacker can interact with the plugin settings and create a redirect link that would forward all traffic to an external malicious website.
Redirections are performed via the 'Location' header".
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.