Lucene search

M0ze (Patchstack Red Team)PATCHSTACK:6682B4823DB3B871DAF79D75DC1787A3

HistoryApr 16, 2021 - 12:00 a.m.

WordPress 404 SEO Redirection plugin <= 1.3 - Reflected Cross-Site Scripting (XSS) vulnerability

2021-04-1600:00:00

m0ze (Patchstack Red Team)

patchstack.com

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress 404 SEO Redirection plugin (versions <= 1.3).

Solution

           This plugin has been closed as of April 27, 2021 and is not available for download. This closure is permanent.

CPENameOperatorVersion
404 seo redirectionle1.3

CPE	Name	Operator	Version
	404 seo redirection	le	1.3

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24325

wordpress.org/plugins/404-redirection-manager/

www.youtube.com/watch?v=zPbjpZ3Tfr8

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for PATCHSTACK:6682B4823DB3B871DAF79D75DC1787A3