Vulners
Lucene search
WordPress Redirection 2.2.9 Persistent Cross Site Scripting
#Title: Wordpress Redirection Plugin <=2.2.9 Lazy XSS
#Date: 2011-10-05
#Author: dotxed (dotxed(at)googlemail.com @dotxed)
#Software Link: http://wordpress.org/extend/plugins/redirection/
#Version: 2.2.9 (tested)
-----------------------
Info
-----------------------
One feature of the Plugin allows you to log 404-erros on your wordpress
site. The Plugin saves the requested URL, timestamp, IP and the
referrer, which can be seen in the wordpress plugin menu.
------------------------
PoC
-----------------------
The referrer is not santinized proberbly. It allows you to store XSS in
the wordpress backend (affects privileged users only)
Visit a 404-page of the target wordpress Site and change the referrer
to "/><script>alert(1)</script> to place your XSS inside the blog
backend.
-----------------------
Fix
-----------------------
After contacting the writer of this plugin, he rolled out a new version.
Version 2.2.10 is not affected by these XSS issues.
More information can be seen on http://goo.gl/956D7 (only german)
-----------------------
Finally...
-----------------------
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 Oct 2011 00:00Current
7.1High risk
Vulners AI Score7.1