Lucene search

MitreCVE-2019-6267

HistoryJan 15, 2019 - 12:29 a.m.

CVE-2019-6267

2019-01-1500:29:00

CWE-79

mitre

web.nvd.nist.gov

cve

2019

6267

premium wp suite

easy redirect manager

xss

wordpress

log

templates

uri

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

52.8%

JSON

The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI.

Affected configurations

Nvd

Node

premiumwpsuiteeasy_redirect_managerMatch28.07-17wordpress

VendorProductVersionCPE
premiumwpsuiteeasy_redirect_manager28.07-17cpe:2.3:a:premiumwpsuite:easy_redirect_manager:28.07-17:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
premiumwpsuite	easy_redirect_manager	28.07-17	cpe:2.3:a:premiumwpsuite:easy_redirect_manager:28.07-17:::::wordpress::

References

wordpress.org/plugins/easy-redirect-manager/#developers

wpvulndb.com/vulnerabilities/9203

www.logicallysecure.com/blog/ls-team-discovers-xss-in-wordpress-plugin/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

52.8%

JSON

Related for CVE-2019-6267