CVE-2015-1580

Name of the Vulnerable Software and Affected Versions Redirection Page plugin version 1.2 for WordPress

Description The issue allows remote attackers to hijack the authentication of administrators for requests, enabling them to change plugin settings or conduct cross-site scripting (XSS) attacks. This is achieved via the source or redir parameter in an add action in the redirection-page to wp-admin/options-general.php.

Recommendations For Redirection Page plugin version 1.2, consider disabling the plugin until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the redirection-page and wp-admin/options-general.php to minimize the risk of exploitation. Avoid using the source and redir parameters in the affected API endpoint until the issue is resolved.