QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2019-19915

Back to search

CVE-2019-19915

Published: Dec 19, 2019

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

9.0

CRITICAL

Description

The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF.

VendorProductVersions

n/a

n/a

affected
n/a

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:R

Attack Complexity

Low

Attack Vector

Network

Availability

High

Confidentiality

High

Integrity

High

Privileges Required

Low

Scope

Changed

User Interaction

Required

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now