All In One Redirection <= 2.2.0 – Reflected Cross-Site Scripting | CVE 2024-30506 | Plugin Vulnerabilities

Description

The All In One Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Affects Plugins

all-in-one-redirection

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/b5a07a44-98f9-4795-8615-c73a9b161c74

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Pham Ho Anh Dung

Verified

No

WPVDB ID

0dd93d60-c8ed-4f9d-9bf9-bf0ab77f7e9e

Timeline

Publicly Published

2024-03-28 (about 2 years ago)

Added

2024-04-03 (about 2 years ago)

Last Updated

2024-04-03 (about 2 years ago)

Other

Published

Title

Published

2023-10-02

Title

Images Slideshow by 2J <= 1.3.54 - Contributor+ Stored XSS

Published

2024-12-06

Title

Mollie for Contact Form 7 <= 5.0.0 - Reflected Cross-Site Scripting

Published

2026-02-11

Title

Duplicate Post < 3.2.4 - Admin+ Stored XSS

Published

2023-09-05

Title

Raise Mag <= 1.0.7 and Wishful Blog <= 2.0.1 - Reflected XSS

Published

2023-08-18

Title

WP VR < 8.3.5 - Reflected XSS