WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)

Description

The plugin is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting issues

Proof of Concept

The PoC will be displayed once the issue has been remediated

Affects Plugins

404-redirection-manager
No known fix - plugin closed

References

CVE
CVE-2021-24324

YouTube Video

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

m0ze

Verified

Yes

WPVDB ID
63a24890-3735-4016-b4b7-4b070a842664

Timeline

Publicly Published

2021-04-16 (about 1 years ago)

Added

2021-04-27 (about 1 years ago)

Last Updated

2021-05-18 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin