Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2014-2598
Last Modified 06 Jan 2015 11:42:23
Published 05 Jan 2015 03:59:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2598

Summary

Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the quickppr_redirects[request][] parameter in the redirect-updates page to wp-admin/admin.php.

Vulnerable Systems

Application

  • Quick Page/Post Redirect Project Quick Page/Post Redirect 5.0.4


References

CONFIRM - https://wordpress.org/plugins/quick-pagepost-redirect-plugin/changelog/

MISC - https://security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/

XF - quickpage-wordpress-cve20142598-csrf(92528)

EXPLOIT-DB - 32867

SECUNIA - 57883

FULLDISC - 20140411 CSRF and stored XSS in Quick Page/Post Redirect Plugin (WordPress plugin)

MISC - http://packetstormsecurity.com/files/126127

OSVDB - 105708

OSVDB - 105707


Last Updated: 27 May 2016 10:55:46