Quick Page/Post redirect <= 5.1.9 - Authenticated Settings Update



Description
"A lack of capability check and a weak security nonce could allow a low-privileged user such as a contributor to interact with the plugin settings and to create a redirect link that would forward all traffic to an external malicious website. Redirections are performed via the 'Location' header."

Affects Plugin

no known fix
- plugin closed

References

URL https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-wordpress-quick-page-post-redirect-plugin-unpatched/

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Original Researcher Jerome Bruandet (nintechnet.com)
Verified No
WPVDB ID 10198

Timeline

Publicly Published 2020-04-28
Added 2020-04-28
Last Updated 2020-04-29
