CVE-2019-19915
CRITICAL, EXPLOITED
Webfactoryltd 301 Redirects < 2.45 - CSRF
The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF.
References (2)
https://wpvulndb.com/vulnerabilities/9979 (Exploit, Third Party Advisory; x_refsource_misc)
https://www.wordfence.com/blog/2019/12/critical-vulnerability-patched-in-301-redirects-easy-redirect-manager/ (Exploit, Third Party Advisory; x_refsource_misc)
Scores
CVSS v3: 9.0
EPSS: 0.0018
EPSS Percentile: 38.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Details
VulnCheck KEV: 2019-12-19
CWE: CWE-352, CWE-732
Status: published
Products (1)
webfactoryltd/301_redirects: < 2.45
Published: Dec 19, 2019
Tracked Since: Feb 18, 2026