PT-2022-7082 · WordPress · Mapping Multiple Urls Redirect Same Page

Ran Crane · Published 2022-03-01 · Updated 2022-03-31 · CVE-2022-0599

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8

Description

The issue exists due to the lack of protection measures for the web page structure, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. Specifically, the plugin does not sanitize and escape the mmursp id parameter before outputting it back in an admin page, leading to reflected cross-site scripting.

Recommendations

For Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8, consider disabling the plugin until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the admin page where the mmursp id parameter is output to minimize the risk of exploitation. Avoid using the mmursp id parameter in the affected admin page until the issue is resolved.
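
One way to apply the temporary workaround when the plugin cannot be disabled, as an added example that is not the plugin's own code or an official patch: a WordPress must-use plugin that rejects unexpected values of the parameter before any admin page renders, followed by the escaped output pattern the description says is missing. It assumes the request key is spelled `mmursp_id` and carries a numeric record id; the file name and `example_render_id_field()` are hypothetical.

```php
<?php
/**
 * Added example (not the plugin's code): temporary request guard.
 * Hypothetical location: wp-content/mu-plugins/mmursp-id-guard.php
 *
 * Assumptions: the request key is `mmursp_id` and its legitimate value
 * is a decimal record id. Adjust the check if the plugin uses another
 * id format, otherwise valid requests will be rejected.
 */

add_action( 'admin_init', function () {
    // admin_init runs before the admin screen produces any output,
    // so a rejected request never reaches the reflecting page.
    if ( ! isset( $_REQUEST['mmursp_id'] ) ) {
        return;
    }

    // WordPress adds slashes to request data; remove them before checking.
    $raw = wp_unslash( $_REQUEST['mmursp_id'] );

    // Allow-list: a plain string of digits only. Arrays (mmursp_id[]=...)
    // and any markup or quote characters fail this test.
    if ( ! is_string( $raw ) || ! ctype_digit( $raw ) ) {
        wp_die(
            esc_html__( 'Invalid request.' ),
            '',
            array( 'response' => 400 )
        );
    }

    // Normalise every copy of the value that downstream code may read.
    $clean = (string) absint( $raw );
    foreach ( array( &$_GET, &$_POST, &$_REQUEST ) as &$bag ) {
        if ( isset( $bag['mmursp_id'] ) ) {
            $bag['mmursp_id'] = $clean;
        }
    }
    unset( $bag );
} );

/**
 * Hardened output pattern (hypothetical helper): cast to an integer and
 * escape for the HTML attribute context at the point of output.
 */
function example_render_id_field( $id ) {
    printf( '<input type="hidden" name="id" value="%s">', esc_attr( absint( $id ) ) );
}
```

The guard only narrows what reaches the vulnerable page; escaping at the point of output, as in the helper, is the actual fix.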

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-07527
CVE-2022-0599

Affected Products

Mapping Multiple Urls Redirect Same Page