PT-2019-18063 · Premium Wp Suite · Premium Wp Suite Easy Redirect Manager
Alexander Drabek +1 · Published 2019-01-15 · Updated 2019-01-17 · CVE-2019-6267
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Premium WP Suite Easy Redirect Manager plugin version 28.07-17
Description
A crafted GET request is mishandled when the redirect log is viewed, resulting in cross-site scripting (XSS). The affected URI is 'templates/admin/redirect-log.php'.
Recommendations
For Premium WP Suite Easy Redirect Manager plugin version 28.07-17, consider disabling the log viewing feature at the 'templates/admin/redirect-log.php' URI until a patch is available. Restrict access to this URI to minimize the risk of exploitation.
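Added example, not part of the advisory or the plugin's code: a Python triage script that flags GET requests in a web server access log whose fields contain HTML markup after decoding, which helps judge whether the redirect log may hold such entries before anyone opens it. It assumes Combined Log Format and, because the advisory does not say which part of the request is rendered, checks the request target, Referer and User-Agent; the function names and log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumption: Combined Log Format (ip - user [time] "request" status size "referer" "agent").
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Characters that are harmless when escaped but change the page when printed raw.
MARKUP_RE = re.compile(r'[<>"]')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (bounded) so %253C is treated like '<'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_fields(line):
    """Return the names of request fields that carry markup, for GET requests only."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("method") != "GET":
        return []
    return [f for f in ("target", "referer", "agent")
            if MARKUP_RE.search(fully_decode(m.group(f)))]

def triage(lines):
    """Return (line_number, fields) for every line worth reviewing."""
    hits = []
    for number, line in enumerate(lines, 1):
        fields = suspicious_fields(line)
        if fields:
            hits.append((number, fields))
    return hits

# Constructed sample lines (documentation addresses, harmless markup).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Jan/2019:10:00:01 +0000] "GET /old-page HTTP/1.1" 301 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.8 - - [15/Jan/2019:10:00:05 +0000] "GET /promo?ref=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 301 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [15/Jan/2019:10:00:09 +0000] "GET /news HTTP/1.1" 301 0 "http://example.test/%253Ci%253E" "Mozilla/5.0"',
    '198.51.100.9 - - [15/Jan/2019:10:00:12 +0000] "POST /form?x=%3Cb%3E HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, fields in triage(SAMPLE_LOG):
        print(f"line {number}: markup in {', '.join(fields)}")
```

Flagged lines are candidates for review, not confirmed payloads; a quoted search term in a URL will also match.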
Exploit
Fix
XSS
Affected Products
Premium Wp Suite Easy Redirect Manager