CVE-2012-5325

Name of the Vulnerable Software and Affected Versions Shortcode Redirect plugin versions 1.0.01 and earlier

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the scr do redirect function. These vulnerabilities allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the url or sec attributes in a redirect tag.

Recommendations For Shortcode Redirect plugin versions 1.0.01 and earlier, update to a version later than 1.0.01 to resolve the issue. As a temporary workaround, consider restricting access to the scr.php file or disabling the scr do redirect function until a patch is available. Avoid using the url and sec attributes in the redirect tag until the issue is resolved.