CVE-2011-4562

Name of the Vulnerable Software and Affected Versions Redirection plugin version 2.2.9

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities are located in the view/admin/log item.php and view/admin/log item details.php files of the Redirection plugin for WordPress. Remote attackers can exploit these vulnerabilities by injecting arbitrary web script or HTML via the Referer HTTP header in a request to a non-existent post.

Recommendations For Redirection plugin version 2.2.9, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the view/admin/log item.php and view/admin/log item details.php files to minimize the risk of exploitation. Avoid using the Referer HTTP header in requests to non-existent posts until the issue is resolved.