CVE-2019-19915
📋 TL;DR
This vulnerability in the WordPress '301 Redirects - Easy Redirect Manager' plugin allows users with subscriber-level access or higher to modify, delete, or inject redirect rules, perform cross-site scripting (XSS), and potentially reach the same functionality via CSRF. It affects WordPress sites running vulnerable versions of the plugin and can lead to site hijacking, malicious redirects, and user compromise.
💻 Affected Systems
- WordPress 301 Redirects - Easy Redirect Manager Plugin
📦 What is this software?
301 Redirects by Webfactoryltd
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover through malicious redirects to phishing sites, injection of persistent XSS payloads affecting all visitors, and potential privilege escalation leading to full WordPress compromise.
Likely Case
Unauthorized redirect rules causing site availability issues, injection of malicious scripts affecting users, and potential SEO damage from malicious redirects.
If Mitigated
Limited impact if proper access controls and input validation are in place, with only minor configuration changes possible.
🎯 Exploit Status
Exploitation requires subscriber-level access or higher. CSRF exploitation is possible without the attacker holding an account, by tricking an already authenticated user into submitting a crafted request.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.45
Vendor Advisory: https://wordpress.org/plugins/eps-301-redirects/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find '301 Redirects - Easy Redirect Manager'.
4. Click 'Update Now' if an update is available.
5. If no update is available, delete the plugin and install a fresh copy of version 2.45 or later from the WordPress repository.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily disable the plugin until the patched version can be installed
wp plugin deactivate eps-301-redirects
Restrict user roles
Temporarily restrict subscriber-level users from accessing the site
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block requests to /admin-ajax.php with eps_redirect_save or eps_redirect_delete actions
- Disable the plugin entirely and use alternative redirect methods until patched version can be installed
🔍 How to Verify
Check if Vulnerable:
Check WordPress plugin version: Navigate to Plugins > Installed Plugins and verify '301 Redirects - Easy Redirect Manager' version is below 2.45
Check Version:
wp plugin get eps-301-redirects --field=version
Verify Fix Applied:
Confirm plugin version is 2.45 or higher in WordPress admin panel under Plugins > Installed Plugins
📡 Detection & Monitoring
Log Indicators:
- POST requests to /admin-ajax.php with action=eps_redirect_save or action=eps_redirect_delete parameters
- Unusual redirect rule modifications in plugin logs
- XSS payloads in request parameters
Network Indicators:
- Unusual redirect patterns from WordPress site
- Requests to admin-ajax.php with suspicious parameters from unexpected user roles
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/admin-ajax.php" AND (query_string="*action=eps_redirect_save*" OR query_string="*action=eps_redirect_delete*"))
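The same detection logic as the SIEM query above, run over access-log lines, as an added example that is not part of the original advisory. It assumes combined-format web server logs and constructed sample lines; note that admin-ajax.php actions are often sent in the POST body, so a log that records only the query string will miss those unless the body is captured elsewhere (e.g. by a WAF).

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Dec/2019:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=eps_redirect_save HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Dec/2019:10:01:05 +0000] "POST /wp-admin/admin-ajax.php?action=eps_redirect_delete&id=7 HTTP/1.1" 200 64 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Dec/2019:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Dec/2019:10:02:30 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# Minimal combined-log-format parser: client IP, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# The plugin AJAX actions named in the advisory's log indicators.
SUSPECT_ACTIONS = {"eps_redirect_save", "eps_redirect_delete"}


def find_eps_redirect_requests(log_text):
    """Return one alert dict per request to admin-ajax.php carrying a suspect action."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse as combined format
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/admin-ajax.php"):
            continue
        # parse_qs returns a list per key; a request could repeat 'action'.
        hits = SUSPECT_ACTIONS.intersection(parse_qs(parts.query).get("action", []))
        if hits:
            alerts.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "method": m.group("method"),
                "action": sorted(hits)[0],
                "status": int(m.group("status")),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_eps_redirect_requests(SAMPLE_LOG):
        print(alert)
```

Correlating the source IP and timestamp of each alert with the WordPress user session active at that time shows whether a low-privilege role issued the request.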
🔗 References
- https://wpvulndb.com/vulnerabilities/9979
- https://www.wordfence.com/blog/2019/12/critical-vulnerability-patched-in-301-redirects-easy-redirect-manager/