CVE-2015-1580
Redirection Page <= 1.2 - Cross-Site Request Forgery to Cross-Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3) redir parameter in an add action in the redirection-page to wp-admin/options-general.php.
Múltiples vulnerabilidades de CSRF en el plugin Redirection Page 1.2 para WordPress permiten a atacantes remotos secuestrar la autenticación de administradores para solicitudes que (1) cambian las configuraciones de los plugins o realizan ataques de XSS a través del parámetro (2) source o (3) redir en una acción de añadir en la página de redirección en wp-admin/options-general.php.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-02-09 CVE Published
- 2015-02-11 CVE Reserved
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- 2024-09-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| http://packetstormsecurity.com/files/130314/WordPress-Redirection-Page-1.2-CSRF-XSS.html | 2024-09-17 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redirection Project Search vendor "Redirection Project" | Redirection Search vendor "Redirection Project" for product "Redirection" | 1.2 Search vendor "Redirection Project" for product "Redirection" and version "1.2" | wordpress |
Affected
| ||||||