Back to KEVs

CVE-2019-19915

The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or...

Basic Information

CVE State: PUBLISHED
Reserved Date: December 19, 2019
Published Date: December 19, 2019
Last Updated: August 05, 2024
Vendor: WordPress
Product: 301 Redirects - Easy Redirect Manager plugin
Description: The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF.
Tags

CVSS Scores

CVSS v3.1

9.0 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVSS v3.0

9.0 - CRITICAL

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVSS v2.0

6.0

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

EPSS Score

Score: 0.18% (Percentile: 40.45%) as of 2025-05-12

Exploit Status

Exploited in the Wild: Yes (2019-12-19 10:20:28 UTC) Source

References

https://wpvulndb.com/vulnerabilities/9979 https://www.wordfence.com/blog/2019/12/critical-vulnerability-patched-in-301-redirects-easy-redirect-manager/

Known Exploited Vulnerability Information

Source	Added Date
Wordfence	2019-12-19 10:20:28 UTC

Timeline

CVE ID Reserved

December 19, 2019
Added to KEVIntel

December 19, 2019
CVE Published to Public

December 19, 2019