Unrated severityNVD Advisory· Published Jan 5, 2015· Updated May 6, 2026
CVE-2014-2598
CVE-2014-2598
Description
Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the quickppr_redirects[request][] parameter in the redirect-updates page to wp-admin/admin.php.
Affected products
1- cpe:2.3:a:quick_page\/post_redirect_project:quick_page\/post_redirect:*:*:*:*:*:wordpress:*:*Range: <=5.0.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- wordpress.org/plugins/quick-pagepost-redirect-plugin/changelog/nvdPatchVendor Advisory
- packetstormsecurity.com/files/126127nvdExploit
- seclists.org/fulldisclosure/2014/Apr/171nvdExploit
- www.exploit-db.com/exploits/32867nvdExploit
- security.dxw.com/advisories/csrf-and-stored-xss-in-quick-pagepost-redirect-plugin/nvdExploit
- osvdb.org/show/osvdb/105707nvd
- osvdb.org/show/osvdb/105708nvd
- secunia.com/advisories/57883nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/92528nvd
News mentions
0No linked articles in our index yet.