ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Redirection Page Plugin <= 1.2 - Multiple CSRF and XSS

Product
Redirection Page
Description
This plugin is prone to multiple cross site request forgery and cross site scripting vulnerabilities. In that way an attacker can change plugin settings via the "source" or "redir" parameters.
Solution
Update the plugin.
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2015-1580
Versions
Affected In <= 1.2
Fixed In 1.3
Disclosure date
2015-02-11
Credits
Morten Nørtoft