PT-2021-15863 · WordPress · 404 Redirect To Homepage

M0Ze

Published

2021-05-17

Updated

2021-05-24

CVE-2021-24326

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions All 404 Redirect to Homepage WordPress plugin versions prior to 1.21

Description The issue concerns an authenticated reflected Cross-Site Scripting (XSS) problem. It occurs because user input for the tab parameter on the settings page is not properly sanitized before being output in an attribute. This allows for malicious script execution.

Recommendations For versions prior to 1.21, update to version 1.21 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to minimize the risk of exploitation. Avoid using the tab parameter in the affected settings page until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-24326

Affected Products

404 Redirect To Homepage

PT-2021-15863 · WordPress · 404 Redirect To Homepage

CVE-2021-24326

Weakness Enumeration

Related Identifiers

Affected Products

References · 4