Post Redirect

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

quick-page-post-redirect-project

CWE-862

NVD

Published: 2023-06-07

Updated: 2023-11-07

Summary

The Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions in versions up to, and including, 5.1.9. This makes it possible for low-privileged attackers to interact with the plugin settings and to create a redirect link that would forward all traffic to an external malicious website.

Vulnerable Configurations

Part	Description	Count
Application	Quick_Page\/Post_Redirect_Project Quick Page/Post Redirect Project Quick Page/Post Redirect 1.0 Quick Page/Post Redirect Project Quick Page/Post Redirect 1.1 Quick Page/Post Redirect Project Quick Page/Post Redirect 1.2 Quick Page/Post Redirect Project Quick Page/Post Redirect 1.3 Quick Page/Post Redirect Project Quick Page/Post Redirect 1.4 Quick Page/Post Redirect Project Quick Page/Post Redirect 1.5 Quick Page/Post Redirect Project Quick Page/Post Redirect 1.6 Quick Page/Post Redirect Project Quick Page/Post Redirect 1.6.1 Quick Page/Post Redirect Project Quick Page/Post Redirect 1.7 Quick Page/Post Redirect Project Quick Page/Post Redirect 1.8 Quick Page/Post Redirect Project Quick Page/Post Redirect 1.9 Quick Page/Post Redirect Project Quick Page/Post Redirect 2.0 Quick Page/Post Redirect Project Quick Page/Post Redirect 2.1 Quick Page/Post Redirect Project Quick Page/Post Redirect 3.0 Quick Page/Post Redirect Project Quick Page/Post Redirect 3.1 Quick Page/Post Redirect Project Quick Page/Post Redirect 3.2 Quick Page/Post Redirect Project Quick Page/Post Redirect 3.2.1 Quick Page/Post Redirect Project Quick Page/Post Redirect 3.2.2 Quick Page/Post Redirect Project Quick Page/Post Redirect 3.2.3 Quick Page/Post Redirect Project Quick Page/Post Redirect 4.0 Quick Page/Post Redirect Project Quick Page/Post Redirect 4.1 Quick Page/Post Redirect Project Quick Page/Post Redirect 4.2 Quick Page/Post Redirect Project Quick Page/Post Redirect 4.2.1 Quick Page/Post Redirect Project Quick Page/Post Redirect 4.2.2 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.0 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.0.1 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.0.2 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.0.3 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.0.4 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.0.5 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.0.6 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.0.7 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.1.0 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.1.1 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.1.2 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.1.3 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.1.4 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.1.5 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.1.6 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.1.7 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.1.8 Quick Page/Post Redirect Project Quick Page/Post Redirect 5.1.9	42

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References