CVE-2020-36699

MEDIUM Year: 2020
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-862
View all →

Vulnerability Description

The Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions in versions up to, and including, 5.1.9. This makes it possible for low-privileged attackers to interact with the plugin settings and to create a redirect link that would forward all traffic to an external malicious website.

Related Vulnerabilities

CVE-2017-1000243

MEDIUM
CVSS:4.3(Medium)

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

CWE-8622017

CVE-2017-1000388

MEDIUM
CVSS:4.3(Medium)

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modif...

CWE-8622017

CVE-2017-1000390

MEDIUM
CVSS:4.3(Medium)

Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build.

CWE-8622017

CVE-2017-1000400

MEDIUM
CVSS:4.3(Medium)

The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current ...

CWE-8622017

CVE-2017-17693

MEDIUM
CVSS:4.3(Medium)

Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.

CWE-8622017

CVE-2017-2662

MEDIUM
CVSS:4.3(Medium)

A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respec...

CWE-8622017