Vulnerability Description
The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mooveagency | Redirect 404 To Parent | < 1.3.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/164328/WordPress-Redirect-404-To-Parent-1.3ExploitThird Party AdvisoryVDB Entry
- https://wpscan.com/vulnerability/b9a535f3-cb0b-46fe-b345-da3462584e27ExploitThird Party Advisory
- http://packetstormsecurity.com/files/164328/WordPress-Redirect-404-To-Parent-1.3ExploitThird Party AdvisoryVDB Entry
- https://wpscan.com/vulnerability/b9a535f3-cb0b-46fe-b345-da3462584e27ExploitThird Party Advisory
FAQ
What is CVE-2021-24286?
CVE-2021-24286 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
How severe is CVE-2021-24286?
CVE-2021-24286 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24286?
Check the references section above for vendor advisories and patch information. Affected products include: Mooveagency Redirect 404 To Parent.