CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24324 – 404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24324
16 Apr 2021 — The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting issues El plugin de WordPress 404 SEO Redirection versiones hasta 1.3 carece de comprobaciones CSRF en todas sus configuraciones, permitiendo a atacantes hacer que un usuario que haya iniciado sesión cambie la configuración del pl... • https://wpscan.com/vulnerability/63a24890-3735-4016-b4b7-4b070a842664 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24326 – All 404 Redirect to Homepage < 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24326
16 Apr 2021 — The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an attribute. El parámetro tab de la página de configuración del plugin de WordPress All 404 Redirect to Homepage versiones anteriores a 1.21, era vulnerable a un problema de Cross-Site Scripting (XSS) reflejado y autenticado, ya que la entrada del usuario no era sa... • https://wpscan.com/vulnerability/63d6ca03-e0df-40db-9839-531c13619094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •