WordPress SEO Redirection plugin <= 6.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

2021-05-0100:00:00

m0ze (Patchstack Red Team)

patchstack.com

0.001 Low

EPSS

Percentile

24.8%

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress SEO Redirection plugin (versions <= 6.4).

Solution

           Update the WordPress SEO Redirection plugin to the latest available version (at least 7.1).

CPENameOperatorVersion
seo redirectionle6.4

CPE	Name	Operator	Version
	seo redirection	le	6.4

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24327

m0ze.ru/vulnerability/[2021-05-01]-[WordPress]-[CWE-79]-SEO-Redirection-WordPress-Plugin-v6.4.txt

wordpress.org/plugins/seo-redirection/#description

0.001 Low

EPSS

Percentile

24.8%

Related for PATCHSTACK:53B213F75739F13D5E2B487C7F209A6E