ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Easy Redirect Manager plugin 2.18.18 - Cross-Site Scripting (XSS) vulnerability

Product
Easy Redirect Manager
Description
Cross-Site Scripting (XSS) vulnerability found by LS Team in WordPress Easy Redirect Manager plugin (version 2.18.18).
Solution
26 January 2019 - we were unable to find a patched version of this plugin. WordPress plugin repository message: "This plugin was closed on January 14, 2019 and is no longer available for download.". We recommend you to deactivate and remove this plugin from your WordPress site.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-2019-6267
Versions
Affected In 2.18.18
Disclosure date
2019-01-15
Credits
LS Team
Submitter
ThreatPress