WordPress Plugin Vulnerabilities

SEO Redirection < 7.4 - Reflected Cross-Site Scripting

Description

The plugin does not escape the tab parameter before outputting it back in JavaScript code, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

Affects Plugins

Plugin icon
seo-redirection
Fixed in 7.4

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
b694b9c0-a367-468c-99c2-6ba35bcf21ea

Timeline

Publicly Published
2021-09-13 (about 4 years ago)
Added
2021-09-13 (about 4 years ago)
Last Updated
2021-09-13 (about 4 years ago)

Other

Published
Title
Published
2016-07-31
Title
Easy Testimonials < 1.37 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2016-02-02
Title
eShop - Unauthenticated Reflected Cross-Site Scripting (XSS)
Published
2025-02-21
Title
Terms Dictionary <= 1.5.1 - Reflected Cross-Site Scripting
Published
2025-03-22
Title
ZenphotoPress <= 1.8 - Reflected Cross-Site Scripting
Published
2025-03-18
Title
NS Simple Intro Loader <= 2.2.3 - Reflected Cross-Site Scripting