Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
18 vulnerabilities by clogica
CVE-2022-40695 (GCVE-0-2022-40695)
Vulnerability from nvd – Published: 2022-11-18 22:16 – Updated: 2026-04-28 16:07
VLAI
Title
WordPress SEO Redirection Plugin plugin <= 8.9 - Multiple Cross-Site Scripting (CSRF) vulnerabilities
Summary
Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WP-buy | SEO Redirection Plugin – 301 Redirect Manager (WordPress plugin) |
Affected:
<= 8.9 , ≤ 8.9
(custom)
|
Date Public
2022-10-25 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/seo-redirection/#developers"
},
{
"tags": [
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-plugin-8-9-multiple-cross-site-scripting-csrf-vulnerabilities?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:20:00.408992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T19:50:50.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SEO Redirection Plugin \u2013 301 Redirect Manager (WordPress plugin)",
"vendor": "WP-buy",
"versions": [
{
"lessThanOrEqual": "8.9",
"status": "affected",
"version": "\u003c= 8.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Vlad Vector (Patchstack)"
}
],
"datePublic": "2022-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin \u003c= 8.9 on WordPress."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:07:48.239Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"url": "https://wordpress.org/plugins/seo-redirection/#developers"
},
{
"url": "https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-plugin-8-9-multiple-cross-site-scripting-csrf-vulnerabilities?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 9.1 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress SEO Redirection Plugin plugin \u003c= 8.9 - Multiple Cross-Site Scripting (CSRF) vulnerabilities",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-40695",
"datePublished": "2022-11-18T22:16:12.015Z",
"dateReserved": "2022-10-19T00:00:00.000Z",
"dateUpdated": "2026-04-28T16:07:48.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-38704 (GCVE-0-2022-38704)
Vulnerability from nvd – Published: 2022-09-23 18:32 – Updated: 2026-04-28 16:07
VLAI
Title
WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/seo… | x_refsource_CONFIRM |
| https://wordpress.org/plugins/seo-redirection/#de… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WP-buy | SEO Redirection Plugin – 301 Redirect Manager (WordPress plugin) |
Affected:
<= 8.9 , ≤ 8.9
(custom)
|
Date Public
2022-09-23 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-8-9-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/seo-redirection/#developers"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:23:18.667937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T20:00:56.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SEO Redirection Plugin \u2013 301 Redirect Manager (WordPress plugin)",
"vendor": "WP-buy",
"versions": [
{
"lessThanOrEqual": "8.9",
"status": "affected",
"version": "\u003c= 8.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
}
],
"datePublic": "2022-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin \u003c= 8.9 at WordPress, leading to deletion of 404 errors and redirection history."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:07:47.424Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-8-9-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/seo-redirection/#developers"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 9.1 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress SEO Redirection plugin \u003c= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-23T09:49:00.000Z",
"ID": "CVE-2022-38704",
"STATE": "PUBLIC",
"TITLE": "WordPress SEO Redirection plugin \u003c= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SEO Redirection Plugin \u2013 301 Redirect Manager (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "\u003c= 8.9",
"version_value": "8.9"
}
]
}
}
]
},
"vendor_name": "WP-buy"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin \u003c= 8.9 at WordPress, leading to deletion of 404 errors and redirection history."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-8-9-cross-site-request-forgery-csrf-vulnerability/_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-8-9-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/seo-redirection/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/seo-redirection/#developers"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 9.1 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-38704",
"datePublished": "2022-09-23T18:32:54.735Z",
"dateReserved": "2022-09-08T00:00:00.000Z",
"dateUpdated": "2026-04-28T16:07:47.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-24328 (GCVE-0-2021-24328)
Vulnerability from nvd – Published: 2021-06-01 11:33 – Updated: 2024-08-03 19:28
VLAI
Title
WP Login Security and History <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)
Summary
The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin's settings to arbitrary values, and set XSS payloads on them as well
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a… | x_refsource_CONFIRM |
| https://m0ze.ru/exploit/csrf-wp-login-security-an… | x_refsource_MISC |
| https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5… | x_refsource_MISC |
| https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WP Login Security and History |
Affected:
1.0 , ≤ 1.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Login Security and History",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin\u0027s settings to arbitrary values, and set XSS payloads on them as well"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T11:33:31.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WP Login Security and History \u003c= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24328",
"STATE": "PUBLIC",
"TITLE": "WP Login Security and History \u003c= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Login Security and History",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.0",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin\u0027s settings to arbitrary values, and set XSS payloads on them as well"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace"
},
{
"name": "https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html",
"refsource": "MISC",
"url": "https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html"
},
{
"name": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-352]-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt",
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-352]-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
},
{
"name": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt",
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24328",
"datePublished": "2021-06-01T11:33:31.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24326 (GCVE-0-2021-24326)
Vulnerability from nvd – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
VLAI
Title
All 404 Redirect to Homepage < 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)
Summary
The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an attribute.
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/63d6ca03-e0df-40… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | All 404 Redirect to Homepage |
Affected:
1.21 , < 1.21
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/63d6ca03-e0df-40db-9839-531c13619094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All 404 Redirect to Homepage",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.21",
"status": "affected",
"version": "1.21",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-17T16:48:54.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/63d6ca03-e0df-40db-9839-531c13619094"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "All 404 Redirect to Homepage \u003c 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24326",
"STATE": "PUBLIC",
"TITLE": "All 404 Redirect to Homepage \u003c 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All 404 Redirect to Homepage",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.21",
"version_value": "1.21"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an attribute."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/63d6ca03-e0df-40db-9839-531c13619094",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/63d6ca03-e0df-40db-9839-531c13619094"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24326",
"datePublished": "2021-05-17T16:48:54.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24327 (GCVE-0-2021-24327)
Vulnerability from nvd – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
VLAI
Title
SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/ca8068f7-dcf0-44… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | SEO Redirection Plugin – 301 Redirect Manager |
Affected:
6.4 , < 6.4
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:24.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SEO Redirection Plugin \u2013 301 Redirect Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.4",
"status": "affected",
"version": "6.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SEO Redirection Plugin \u2013 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-17T16:48:54.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SEO Redirection \u003c 6.4 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24327",
"STATE": "PUBLIC",
"TITLE": "SEO Redirection \u003c 6.4 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SEO Redirection Plugin \u2013 301 Redirect Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.4",
"version_value": "6.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SEO Redirection Plugin \u2013 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24327",
"datePublished": "2021-05-17T16:48:54.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:24.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24325 (GCVE-0-2021-24325)
Vulnerability from nvd – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
VLAI
Title
404 SEO Redirection <= 1.3 - Reflected Cross-Site Scripting (XSS)
Summary
The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin through 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or escaped before being output in an attribute.
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/96e9a7fd-9ab8-47… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | 404 SEO Redirection |
Affected:
1.3 , ≤ 1.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/96e9a7fd-9ab8-478e-9420-4bca2a0b23a1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "404 SEO Redirection",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.3",
"status": "affected",
"version": "1.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin through 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or escaped before being output in an attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-17T16:48:54.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/96e9a7fd-9ab8-478e-9420-4bca2a0b23a1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "404 SEO Redirection \u003c= 1.3 - Reflected Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24325",
"STATE": "PUBLIC",
"TITLE": "404 SEO Redirection \u003c= 1.3 - Reflected Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "404 SEO Redirection",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.3",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin through 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or escaped before being output in an attribute."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/96e9a7fd-9ab8-478e-9420-4bca2a0b23a1",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/96e9a7fd-9ab8-478e-9420-4bca2a0b23a1"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24325",
"datePublished": "2021-05-17T16:48:54.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24324 (GCVE-0-2021-24324)
Vulnerability from nvd – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
VLAI
Title
404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
Summary
The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting issues
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/63a24890-3735-40… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | 404 SEO Redirection |
Affected:
1.3 , ≤ 1.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/63a24890-3735-4016-b4b7-4b070a842664"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "404 SEO Redirection",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.3",
"status": "affected",
"version": "1.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin\u0027s settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting issues"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-17T16:48:53.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/63a24890-3735-4016-b4b7-4b070a842664"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "404 SEO Redirection \u003c= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24324",
"STATE": "PUBLIC",
"TITLE": "404 SEO Redirection \u003c= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "404 SEO Redirection",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.3",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin\u0027s settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting issues"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/63a24890-3735-4016-b4b7-4b070a842664",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/63a24890-3735-4016-b4b7-4b070a842664"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24324",
"datePublished": "2021-05-17T16:48:53.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24187 (GCVE-0-2021-24187)
Vulnerability from nvd – Published: 2021-04-05 18:27 – Updated: 2024-08-03 19:21
VLAI
Title
SEO Redirection < 6.4 - Authenticated Reflected Cross-Site Scripting (XSS)
Summary
The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an attribute.
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/c234700e-61dd-46… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | SEO Redirection Plugin - 301 Redirect Manager |
Affected:
6.4 , < 6.4
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/c234700e-61dd-46a0-90fb-609e704269a9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SEO Redirection Plugin - 301 Redirect Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.4",
"status": "affected",
"version": "6.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T20:56:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/c234700e-61dd-46a0-90fb-609e704269a9"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SEO Redirection \u003c 6.4 - Authenticated Reflected Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24187",
"STATE": "PUBLIC",
"TITLE": "SEO Redirection \u003c 6.4 - Authenticated Reflected Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SEO Redirection Plugin - 301 Redirect Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.4",
"version_value": "6.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an attribute."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/c234700e-61dd-46a0-90fb-609e704269a9",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/c234700e-61dd-46a0-90fb-609e704269a9"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24187",
"datePublished": "2021-04-05T18:27:45.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:21:18.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10896 (GCVE-0-2016-10896)
Vulnerability from nvd – Published: 2019-08-21 11:38 – Updated: 2024-08-06 03:38
VLAI
Summary
The seo-redirection plugin before 4.3 for WordPress has stored XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/seo-redirection/#de… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:38:56.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/seo-redirection/#developers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The seo-redirection plugin before 4.3 for WordPress has stored XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-21T11:38:57.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/seo-redirection/#developers"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The seo-redirection plugin before 4.3 for WordPress has stored XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/seo-redirection/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/seo-redirection/#developers"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10896",
"datePublished": "2019-08-21T11:38:57.000Z",
"dateReserved": "2019-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:38:56.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40695 (GCVE-0-2022-40695)
Vulnerability from cvelistv5 – Published: 2022-11-18 22:16 – Updated: 2026-04-28 16:07
VLAI
Title
WordPress SEO Redirection Plugin plugin <= 8.9 - Multiple Cross-Site Scripting (CSRF) vulnerabilities
Summary
Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WP-buy | SEO Redirection Plugin – 301 Redirect Manager (WordPress plugin) |
Affected:
<= 8.9 , ≤ 8.9
(custom)
|
Date Public
2022-10-25 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/seo-redirection/#developers"
},
{
"tags": [
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-plugin-8-9-multiple-cross-site-scripting-csrf-vulnerabilities?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:20:00.408992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T19:50:50.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SEO Redirection Plugin \u2013 301 Redirect Manager (WordPress plugin)",
"vendor": "WP-buy",
"versions": [
{
"lessThanOrEqual": "8.9",
"status": "affected",
"version": "\u003c= 8.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Vlad Vector (Patchstack)"
}
],
"datePublic": "2022-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin \u003c= 8.9 on WordPress."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:07:48.239Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"url": "https://wordpress.org/plugins/seo-redirection/#developers"
},
{
"url": "https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-plugin-8-9-multiple-cross-site-scripting-csrf-vulnerabilities?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 9.1 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress SEO Redirection Plugin plugin \u003c= 8.9 - Multiple Cross-Site Scripting (CSRF) vulnerabilities",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-40695",
"datePublished": "2022-11-18T22:16:12.015Z",
"dateReserved": "2022-10-19T00:00:00.000Z",
"dateUpdated": "2026-04-28T16:07:48.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-38704 (GCVE-0-2022-38704)
Vulnerability from cvelistv5 – Published: 2022-09-23 18:32 – Updated: 2026-04-28 16:07
VLAI
Title
WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/seo… | x_refsource_CONFIRM |
| https://wordpress.org/plugins/seo-redirection/#de… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WP-buy | SEO Redirection Plugin – 301 Redirect Manager (WordPress plugin) |
Affected:
<= 8.9 , ≤ 8.9
(custom)
|
Date Public
2022-09-23 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-8-9-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/seo-redirection/#developers"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:23:18.667937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T20:00:56.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SEO Redirection Plugin \u2013 301 Redirect Manager (WordPress plugin)",
"vendor": "WP-buy",
"versions": [
{
"lessThanOrEqual": "8.9",
"status": "affected",
"version": "\u003c= 8.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
}
],
"datePublic": "2022-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin \u003c= 8.9 at WordPress, leading to deletion of 404 errors and redirection history."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:07:47.424Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-8-9-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/seo-redirection/#developers"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 9.1 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress SEO Redirection plugin \u003c= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-09-23T09:49:00.000Z",
"ID": "CVE-2022-38704",
"STATE": "PUBLIC",
"TITLE": "WordPress SEO Redirection plugin \u003c= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SEO Redirection Plugin \u2013 301 Redirect Manager (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "\u003c= 8.9",
"version_value": "8.9"
}
]
}
}
]
},
"vendor_name": "WP-buy"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin \u003c= 8.9 at WordPress, leading to deletion of 404 errors and redirection history."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-8-9-cross-site-request-forgery-csrf-vulnerability/_s_id=cve",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-8-9-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
},
{
"name": "https://wordpress.org/plugins/seo-redirection/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/seo-redirection/#developers"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 9.1 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-38704",
"datePublished": "2022-09-23T18:32:54.735Z",
"dateReserved": "2022-09-08T00:00:00.000Z",
"dateUpdated": "2026-04-28T16:07:47.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-24328 (GCVE-0-2021-24328)
Vulnerability from cvelistv5 – Published: 2021-06-01 11:33 – Updated: 2024-08-03 19:28
VLAI
Title
WP Login Security and History <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)
Summary
The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin's settings to arbitrary values, and set XSS payloads on them as well
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a… | x_refsource_CONFIRM |
| https://m0ze.ru/exploit/csrf-wp-login-security-an… | x_refsource_MISC |
| https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5… | x_refsource_MISC |
| https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WP Login Security and History |
Affected:
1.0 , ≤ 1.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Login Security and History",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin\u0027s settings to arbitrary values, and set XSS payloads on them as well"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T11:33:31.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WP Login Security and History \u003c= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24328",
"STATE": "PUBLIC",
"TITLE": "WP Login Security and History \u003c= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Login Security and History",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.0",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin\u0027s settings to arbitrary values, and set XSS payloads on them as well"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace"
},
{
"name": "https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html",
"refsource": "MISC",
"url": "https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html"
},
{
"name": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-352]-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt",
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-352]-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
},
{
"name": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt",
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24328",
"datePublished": "2021-06-01T11:33:31.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24326 (GCVE-0-2021-24326)
Vulnerability from cvelistv5 – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
VLAI
Title
All 404 Redirect to Homepage < 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)
Summary
The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an attribute.
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/63d6ca03-e0df-40… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | All 404 Redirect to Homepage |
Affected:
1.21 , < 1.21
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/63d6ca03-e0df-40db-9839-531c13619094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All 404 Redirect to Homepage",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.21",
"status": "affected",
"version": "1.21",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-17T16:48:54.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/63d6ca03-e0df-40db-9839-531c13619094"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "All 404 Redirect to Homepage \u003c 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24326",
"STATE": "PUBLIC",
"TITLE": "All 404 Redirect to Homepage \u003c 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All 404 Redirect to Homepage",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.21",
"version_value": "1.21"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an attribute."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/63d6ca03-e0df-40db-9839-531c13619094",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/63d6ca03-e0df-40db-9839-531c13619094"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24326",
"datePublished": "2021-05-17T16:48:54.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24327 (GCVE-0-2021-24327)
Vulnerability from cvelistv5 – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
VLAI
Title
SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/ca8068f7-dcf0-44… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | SEO Redirection Plugin – 301 Redirect Manager |
Affected:
6.4 , < 6.4
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:24.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SEO Redirection Plugin \u2013 301 Redirect Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.4",
"status": "affected",
"version": "6.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SEO Redirection Plugin \u2013 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-17T16:48:54.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SEO Redirection \u003c 6.4 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24327",
"STATE": "PUBLIC",
"TITLE": "SEO Redirection \u003c 6.4 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SEO Redirection Plugin \u2013 301 Redirect Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.4",
"version_value": "6.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SEO Redirection Plugin \u2013 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24327",
"datePublished": "2021-05-17T16:48:54.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:24.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24325 (GCVE-0-2021-24325)
Vulnerability from cvelistv5 – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
VLAI
Title
404 SEO Redirection <= 1.3 - Reflected Cross-Site Scripting (XSS)
Summary
The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin through 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or escaped before being output in an attribute.
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/96e9a7fd-9ab8-47… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | 404 SEO Redirection |
Affected:
1.3 , ≤ 1.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/96e9a7fd-9ab8-478e-9420-4bca2a0b23a1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "404 SEO Redirection",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.3",
"status": "affected",
"version": "1.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin through 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or escaped before being output in an attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-17T16:48:54.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/96e9a7fd-9ab8-478e-9420-4bca2a0b23a1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "404 SEO Redirection \u003c= 1.3 - Reflected Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24325",
"STATE": "PUBLIC",
"TITLE": "404 SEO Redirection \u003c= 1.3 - Reflected Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "404 SEO Redirection",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.3",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin through 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or escaped before being output in an attribute."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/96e9a7fd-9ab8-478e-9420-4bca2a0b23a1",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/96e9a7fd-9ab8-478e-9420-4bca2a0b23a1"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24325",
"datePublished": "2021-05-17T16:48:54.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24324 (GCVE-0-2021-24324)
Vulnerability from cvelistv5 – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
VLAI
Title
404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
Summary
The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting issues
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/63a24890-3735-40… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | 404 SEO Redirection |
Affected:
1.3 , ≤ 1.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/63a24890-3735-4016-b4b7-4b070a842664"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "404 SEO Redirection",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.3",
"status": "affected",
"version": "1.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin\u0027s settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting issues"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-17T16:48:53.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/63a24890-3735-4016-b4b7-4b070a842664"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "404 SEO Redirection \u003c= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24324",
"STATE": "PUBLIC",
"TITLE": "404 SEO Redirection \u003c= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "404 SEO Redirection",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.3",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin\u0027s settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting issues"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/63a24890-3735-4016-b4b7-4b070a842664",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/63a24890-3735-4016-b4b7-4b070a842664"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24324",
"datePublished": "2021-05-17T16:48:53.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24187 (GCVE-0-2021-24187)
Vulnerability from cvelistv5 – Published: 2021-04-05 18:27 – Updated: 2024-08-03 19:21
VLAI
Title
SEO Redirection < 6.4 - Authenticated Reflected Cross-Site Scripting (XSS)
Summary
The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an attribute.
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/c234700e-61dd-46… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | SEO Redirection Plugin - 301 Redirect Manager |
Affected:
6.4 , < 6.4
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/c234700e-61dd-46a0-90fb-609e704269a9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SEO Redirection Plugin - 301 Redirect Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.4",
"status": "affected",
"version": "6.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T20:56:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/c234700e-61dd-46a0-90fb-609e704269a9"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SEO Redirection \u003c 6.4 - Authenticated Reflected Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24187",
"STATE": "PUBLIC",
"TITLE": "SEO Redirection \u003c 6.4 - Authenticated Reflected Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SEO Redirection Plugin - 301 Redirect Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.4",
"version_value": "6.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an attribute."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/c234700e-61dd-46a0-90fb-609e704269a9",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/c234700e-61dd-46a0-90fb-609e704269a9"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24187",
"datePublished": "2021-04-05T18:27:45.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:21:18.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10896 (GCVE-0-2016-10896)
Vulnerability from cvelistv5 – Published: 2019-08-21 11:38 – Updated: 2024-08-06 03:38
VLAI
Summary
The seo-redirection plugin before 4.3 for WordPress has stored XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/seo-redirection/#de… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:38:56.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/seo-redirection/#developers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The seo-redirection plugin before 4.3 for WordPress has stored XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-21T11:38:57.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/seo-redirection/#developers"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The seo-redirection plugin before 4.3 for WordPress has stored XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/seo-redirection/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/seo-redirection/#developers"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10896",
"datePublished": "2019-08-21T11:38:57.000Z",
"dateReserved": "2019-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:38:56.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}