Lucene search

K
wpexploitWpvulndbWPEX-ID:CA8068F7-DCF0-44FD-841D-D02987220D79
HistoryApr 16, 2021 - 12:00 a.m.

SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS)

2021-04-1600:00:00
wpvulndb
77
seo redirection
authenticated
stored cross-site scripting
custom redirect
payload exploit

EPSS

0.001

Percentile

24.8%

The plugin did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads

Create a new Custom redirect (/wp-admin/options-general.php?page=seo-redirection.php) and set a payload such as /"><script>alert(/XSS/)</script> in the Redirect From and Redirect To fields

EPSS

0.001

Percentile

24.8%

Related for WPEX-ID:CA8068F7-DCF0-44FD-841D-D02987220D79