CVE-2021-24286 – Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24286
The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue La página de configuración del plugin de WordPress Redirect 404 to parent versiones anteriores a 1.3.1 no sanea apropiadamente el parámetro tab antes de devolverlo, conllevando a un problema de tipo Cross-Site Scripting reflejado WordPress Redirect 404 to Parent plugin version 1.3.0 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/50350 http://packetstormsecurity.com/files/164328/WordPress-Redirect-404-To-Parent-1.3.0-Cross-Site-Scripting.html https://wpscan.com/vulnerability/b9a535f3-cb0b-46fe-b345-da3462584e27 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •