logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)

Description

The plugin is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting issues

Proof of Concept

The PoC will be displayed once the issue has been remediated

Affects Plugins

404-redirection-manager

No known fix - plugin closed

References

CVE

CVE-2021-24324

YouTube Video

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

Miscellaneous

Original Researcher

m0ze

Verified

Yes

WPVDB ID

63a24890-3735-4016-b4b7-4b070a842664

Timeline

Publicly Published

2021-04-16 (about 3 months ago)

Added

2021-04-27 (about 2 months ago)

Last Updated

2021-05-18 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin