← back
CVE-2021-24325

404 SEO Redirection <= 1.3 - Reflected Cross-Site Scripting (XSS)

EPSS 0.8%CWE-79
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 May 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin through 1.3 is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or escaped before being output in an attribute.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →