PT-2019-16004 · WordPress · 301 Redirects - Easy Redirect Manager

Published 2019-12-19 · Updated 2020-08-24 · CVE-2019-19915

CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: 301 Redirects - Easy Redirect Manager plugin, versions prior to 2.45

Description: The issue allows any authenticated user with the Subscriber role or higher to modify, delete, or inject redirect rules, and to exploit cross-site scripting (XSS). This is possible through the "301 Redirects - Easy Redirect Manager" plugin's /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions, which lack a sufficient permission check. Exploitation could result in a loss of site availability, malicious redirects, and infection of site visitors. The same actions can also be triggered via cross-site request forgery (CSRF).

Recommendations: For versions prior to 2.45, update the 301 Redirects - Easy Redirect Manager plugin to version 2.45 or later to resolve the issue. As a temporary workaround, consider restricting access to the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions to minimize the risk of exploitation.
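The two weaknesses tagged on this advisory, a missing permission check and missing CSRF protection on admin-ajax actions, have a standard WordPress fix pattern: an explicit capability check and a nonce check at the top of every `wp_ajax_*` handler. The following is an added illustration of that pattern written for this page; it is not the plugin's own code, and it is not the patch shipped in 2.45. Only the action names `eps_redirect_save` and `eps_redirect_delete` come from the advisory; the nonce action `eps_redirects_nonce`, the option key `eps_redirects`, the `manage_options` capability and the request parameter names `from`, `to` and `nonce` are assumptions made for the example.

```php
<?php
/**
 * Illustrative hardened admin-ajax handlers for a redirect manager.
 * Added example, not the 301 Redirects - Easy Redirect Manager plugin's own code.
 * Assumptions: nonce action 'eps_redirects_nonce', option key 'eps_redirects',
 * capability 'manage_options', POST fields 'from', 'to' and 'nonce'.
 */

// Shared guard: both failure modes named in the advisory are checked here.
// Every wp_send_json_* call ends the request, so no return is needed after it.
function eps_example_authorize() {
    // Incorrect Permission: wp_ajax_* hooks fire for ANY logged-in user, Subscribers
    // included, so the capability check must be made explicitly in the handler.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }
    // CSRF: a request forged from another origin cannot carry a valid nonce tied to
    // this admin's session. The third argument (false) makes the check return
    // instead of dying, so a structured JSON error can be sent.
    if ( ! check_ajax_referer( 'eps_redirects_nonce', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'invalid or missing nonce' ), 403 );
    }
}

function eps_example_save_redirect() {
    eps_example_authorize();

    $from = isset( $_POST['from'] ) ? sanitize_text_field( wp_unslash( $_POST['from'] ) ) : '';
    // esc_url_raw() drops disallowed schemes such as javascript:, which removes the
    // script-injection vector a redirect target could otherwise carry.
    $to   = isset( $_POST['to'] ) ? esc_url_raw( wp_unslash( $_POST['to'] ) ) : '';

    if ( '' === $from || '' === $to ) {
        wp_send_json_error( array( 'message' => 'source and destination are required' ), 400 );
    }

    $rules          = get_option( 'eps_redirects', array() );
    $rules[ $from ] = $to;
    update_option( 'eps_redirects', $rules );

    wp_send_json_success( array( 'from' => $from, 'to' => $to ) );
}

function eps_example_delete_redirect() {
    eps_example_authorize();

    $from  = isset( $_POST['from'] ) ? sanitize_text_field( wp_unslash( $_POST['from'] ) ) : '';
    $rules = get_option( 'eps_redirects', array() );
    if ( '' === $from || ! isset( $rules[ $from ] ) ) {
        wp_send_json_error( array( 'message' => 'no such rule' ), 404 );
    }
    unset( $rules[ $from ] );
    update_option( 'eps_redirects', $rules );

    wp_send_json_success( array( 'deleted' => $from ) );
}

// Logged-in users only: deliberately no wp_ajax_nopriv_* registration, since
// unauthenticated visitors have no business editing redirect rules.
add_action( 'wp_ajax_eps_redirect_save',   'eps_example_save_redirect' );
add_action( 'wp_ajax_eps_redirect_delete', 'eps_example_delete_redirect' );

// The admin page that issues these requests must embed the matching nonce, e.g.
// via wp_localize_script() with wp_create_nonce( 'eps_redirects_nonce' ), and send
// it as the 'nonce' POST field.
```

The order of the two checks matters less than the fact that both are present: the capability check alone still leaves an administrator exposed to CSRF, and the nonce check alone still lets a Subscriber who can load the admin page obtain a nonce and call the action. The web-server level workaround in the recommendations above is a stopgap for sites that cannot update immediately; the in-handler checks are the durable fix.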

Links: Exploit · Fix

Tags: CSRF · Incorrect Permission


Weakness Enumeration

Related Identifiers: CVE-2019-19915

Affected Products: 301 Redirects - Easy Redirect Manager