WordPress Plugin Vulnerabilities

easy-redirect-manager 2.18.18 - Cross-Site Scripting (XSS)

Description

Any page that causes a 404 or 302 response, will be output within the Redirect Log page without any validation or output encoding, including the URL querystring, which could contain an XSS payload.

Affects Plugins

Plugin icon
easy-redirect-manager
No known fix

References

CVE
CVE-2019-6267
URL
https://www.logicallysecure.com/blog/ls-team-discovers-xss-in-wordpress-plugin/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
LS Team
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
623a9aa5-ba0e-4def-b1eb-c26622268ab0

Timeline

Publicly Published
2019-01-14 (about 7 years ago)
Added
2019-01-15 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-10-21
Title
DocumentPress <= 2.1 - Reflected Cross-Site Scripting
Published
2024-12-20
Title
LaTeX2HTML < 2.6.0 - Reflected Cross-Site Scripting
Published
2025-01-16
Title
REAL WordPress Sidebar <= 0.1 - Unauthenticated Stored Cross-Site Scripting
Published
2023-11-09
Title
Additional Order Filters for WooCommerce < 1.12 - Reflected XSS
Published
2023-06-20
Title
Mailtree Log Mail < 1.0.1 - Unauthenticated Stored Cross-Site Scripting