WordPress Plugin Vulnerabilities
SEO Redirection < 6.4 - Authenticated Reflected Cross-Site Scripting (XSS)
Description
The setting page of the plugin is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an attribute. Timeline (WPScanTeam) January 29th, 2021 - Report received & Confirmed & Escalated to WordPress plugins Team (who confirmed to have received the report) March 16th, 2021 - No updates, disclosing April 18th, 2021 - v6.4 released, fixing the issue
Proof of Concept
https://example.com/wp-admin/options-general.php?page=seo-redirection.php&tab=on%22style%3D%22animation-name%3Aspinner%22+onanimationstart%3D%22alert%28origin%29%22%3E Video: https://mega.nz/file/2kkH2ATT#Ip2SOS3ciG2QYVZp6ALyqGksAd6V-85rWPUFOmqUxUE
Affects Plugins
Fixed in version 6.4
References
Classification
Miscellaneous
Original Researcher
Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)
Submitter
Nguyen Anh Tien
Submitter website
Submitter twitter
Verified
Yes
Timeline
Publicly Published
2021-03-16 (about 2 years ago)
Added
2021-03-16 (about 2 years ago)
Last Updated
2021-04-27 (about 2 years ago)