9
CVE-2019-19915
- EPSS 0.19%
- Published 19.12.2019 22:15:13
- Last modified 21.11.2024 04:35:39
- Source cve@mitre.org
301 Redirects - Easy Redirect Manager <= 2.40 - Missing Authorization
The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF.
Possible countermeasure
301 Redirects – Redirect Manager: Update to version 2.45, or a newer patched version
Further vulnerability information
System: WordPress Plugin
Product
301 Redirects – Redirect Manager
Version
* - 2.40
Data provided by the National Vulnerability Database (NVD)
Webfactoryltd ≫ 301 Redirects, software platform: wordpress, version < 2.45
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.406 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9 | 2.3 | 6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
| nvd@nist.gov | 6 | 6.8 | 6.4 | AV:N/AC:M/Au:S/C:P/I:P/A:P |
| cve@mitre.org | 9 | 2.3 | 6 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.