CVE-2021-24326
All 404 Redirect to Homepage < 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
17 mai 2021Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an attribute.
Produtos afetados
Unknown · All 404 Redirect to Homepage