Vulnerability Details CVE-2014-2598
Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the quickppr_redirects[request][] parameter in the redirect-updates page to wp-admin/admin.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.8%
CVSS Severity
CVSS v2 Score 6.8
References
- http://osvdb.org/show/osvdb/105707
- http://osvdb.org/show/osvdb/105708
- http://packetstormsecurity.com/files/126127
- http://seclists.org/fulldisclosure/2014/Apr/171
- http://secunia.com/advisories/57883
- http://www.exploit-db.com/exploits/32867
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92528
- https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/
- https://wordpress.org/plugins/quick-pagepost-redirect-plugin/changelog/
- http://osvdb.org/show/osvdb/105707
- http://osvdb.org/show/osvdb/105708
- http://packetstormsecurity.com/files/126127
- http://seclists.org/fulldisclosure/2014/Apr/171
- http://secunia.com/advisories/57883
- http://www.exploit-db.com/exploits/32867
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92528
- https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/
- https://wordpress.org/plugins/quick-pagepost-redirect-plugin/changelog/
Products affected by CVE-2014-2598
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:1.0
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:1.1
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:1.2
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:1.3
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:1.4
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:1.5
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:1.6
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:1.6.1
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:1.7
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:1.8
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:1.9
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:2.0
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:2.1
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:3.0
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:3.1
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:3.2
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:3.2.1
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:3.2.2
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:3.2.3
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:4.0
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:4.1
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:4.2
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:4.2.1
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:4.2.2
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:5.0
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:5.0.1
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:5.0.2
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:5.0.3
-
cpe:2.3:a:quick_page/post_redirect_project:quick_page/post_redirect:5.0.4