WordPress Plugin Vulnerabilities

Quick Page Post Redirect 5.0.4 - redirect-updates.php Multiple Admin Function CSRF

Description

The Quick Page/Post Redirect Plugin WordPress plugin was affected by a redirect-updates.php Multiple Admin Function CSRF security vulnerability.

Affects Plugins

Plugin icon
quick-pagepost-redirect-plugin
Fixed in 5.0.5

References

CVE
CVE-2014-2598
Exploitdb
32867
URL
https://advisories.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Verified
No
WPVDB ID
84054834-7df6-4848-a69d-85735c46e98e

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-10-18
Title
Back Link Tracker <= 1.0.0 - Cross-Site Request Forgery to SQL Injection
Published
2025-01-29
Title
WP Image Uploader <= 1.0.1 - Cross-Site Request Forgery to Arbitrary File Deletion
Published
2025-06-05
Title
WP Online Users Stats <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via hk_dataset_results Function
Published
2023-11-01
Title
Funnelforms Free < 3.4.2 - Cross-Site Request Forgery to Arbitrary Post Deletion
Published
2025-03-24
Title
cTabs <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting