Key information

Vulnerability name: WordPress Plugin Quick Page/Post Redirect Security Bypass (5.1.9)

Severity: HIGH

Classification:
- CWE-264
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags:
- Missing Update
- Authentication Bypass

Description:
- WordPress Plugin Quick Page/Post Redirect is affected by a security bypass vulnerability. Exploiting it may allow an attacker to perform restricted actions and change the plugin's settings. Version 5.1.9 of WordPress Plugin Quick Page/Post Redirect is vulnerable; earlier versions may also be affected.

Remediation:
- Disable the plugin until a fixed version is available.

References:
- https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-wordpress-quick-page-post-redirect-plugin-unpatched/
- https://wordpress.org/plugins/quick-pagepost-redirect-plugin/#description

Related vulnerabilities:
- Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7911)
- Drupal Core Security Bypass (8.0.0 - 9.1.15)
- Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4439)
- Internet Information Services Other Vulnerability (CVE-1999-1233)
- WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.36)