3 matches found
CVE-2014-2598
Cross-site request forgery CSRF vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the quickpprredirectsrequest parameter in the...
CVE-2014-2598
The CVE-2014-2598 entry documents a CSRF/XSS vulnerability in the WordPress plugin Quick Page/Post Redirect Plugin (affected versions: before 5.0.5). The issue arises from handling of the quickppr_redirects[request][] parameter on the redirect-updates admin page (wp-admin/admin.php), enabling an ...
WordPress Quick Page/Post Redirect Plugin 5.0.3 CSRF / XSS
Details ================ Software: Quick Page/Post Redirect Plugin Version: 5.0.3 Homepage: http://wordpress.org/plugins/quick-pagepost-redirect-plugin/ Advisory ID: dxw-1970-1091 CVE: CVE-2014-2598 CVSS: 6.8 Medium; AV:N/AC:M/Au:N/C:P/I:P/A:P Description ================ CSRF and stored XSS in...