Vulnerability Description
The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webfactoryltd | 301 Redirects | < 2.45 |
Related Weaknesses (CWE)
References
- https://wpvulndb.com/vulnerabilities/9979 (Exploit, Third Party Advisory)
- https://www.wordfence.com/blog/2019/12/critical-vulnerability-patched-in-301-red (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-19915?
CVE-2019-19915 is a vulnerability with a CVSS score of 9.0 (CRITICAL). The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /ad...
How severe is CVE-2019-19915?
CVE-2019-19915 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-19915?
Check the references section above for vendor advisories and patch information. Affected products include: Webfactoryltd 301 Redirects.