CVE-2021-24327

CVE-2021-24327: SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS)

Vendor Unknown
Product SEO Redirection Plugin – 301 Redirect Manager
Weakness CWE-79 · XSS
Published May 17, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads

Key dates

02Disclosure timeline

May 17, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE