WordPress Plugin Vulnerabilities

Redirect After Login <= 0.1.9 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks

Affects Plugins

Plugin icon
redirect-after-login
No known fix

References

CVE
CVE-2023-27624

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Yuki Haruma
Verified
No
WPVDB ID
244cf47a-36a2-4d51-9b2a-4d64ecc1e081

Timeline

Publicly Published
2023-04-21 (about 3 years ago)
Added
2023-06-14 (about 2 years ago)
Last Updated
2023-06-14 (about 2 years ago)

Other

Published
Title
Published
2025-09-05
Title
Widgetize Pages Light <= 3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2024-02-26
Title
Adsmonetizer < 3.1.3 - Reflected Cross-Site Scripting
Published
2023-01-24
Title
Shortcode for Font Awesome < 1.4.1 - Contributor+ Stored XSS
Published
2025-01-16
Title
Guten Free Options <= 0.9.5 - Reflected Cross-Site Scripting
Published
2022-02-21
Title
Team Circle Image Slider With Lightbox < 1.0.16 - Reflected Cross-Site Scripting