CVE-2019-19915

301 Redirects - Easy Redirect Manager <= 2.40 - Missing Authorization

mediumMissing Authorization

6.5

CVSS Score

6.5

CVSS Score

medium

Severity

2.45

Patched in

1496d

Time to patch

Description

The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Low

Confidentiality

Low

Integrity

Low

Availability

Technical Details

Affected versions<=2.40

PublishedDecember 19, 2019

Last updatedJanuary 22, 2024

Affected plugineps-301-redirects

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/4fe758c4-027f-4667-a22a-9e859894a40f?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database