CVE-2014-2598

WordPress Quick Page/Post Redirect <5.0.5 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2598. PoCs published by Tom Adams.

AI-analyzed exploit summary This exploit demonstrates a CSRF and stored XSS vulnerability in the Quick Page/Post Redirect Plugin for WordPress. The PoC provides a form that, when submitted by an admin user, injects malicious JavaScript into the plugin's settings.

Description

Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the quickppr_redirects[request][] parameter in the redirect-updates page to wp-admin/admin.php.

Exploits (1)

exploitdb WORKING POC

by Tom Adams · textwebappsphp

https://www.exploit-db.com/exploits/32867

View Code ZIP pw:eip

This exploit demonstrates a CSRF and stored XSS vulnerability in the Quick Page/Post Redirect Plugin for WordPress. The PoC provides a form that, when submitted by an admin user, injects malicious JavaScript into the plugin's settings.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Quick Page/Post Redirect Plugin for WordPress version 5.0.3

Auth required

Prerequisites: Admin user session · Victim must visit attacker-controlled page

MITRE ATT&CK