CVE-2023-27624
Published 2023-06-13
CVE-2023-27624: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcelotorres Redirect After Login plugin <= 0.1.9 versions.
Priority P4 21 · medium · 4.8 CVSS 3.1
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 0.62% (45.1th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| marcelotorres | redirect_after_login | n/a – 0.1.9 | — |
| redirect_after_login_project | redirect_after_login | <= 0.1.9 | — |
No detection rules found.
Nuclei
WordPress Redirect After Login <= 0.1.9 - Admin Stored XSS
nuclei·CVSS 4.8
CVE-2023-27624 [MEDIUM] WordPress Redirect After Login <= 0.1.9 - Admin Stored XSS
WordPress Redirect After Login "'
```yaml
          - 'mtral_field_custom_url_administrator'
        condition: and

      - type: word
        part: header
        words:
          - 'text/html'

      - type: status
        status:
          - 200
# digest: 4b0a004830460221009debd62ee8937a1474bacca9aea363eff3a2a4b62588e1b58ef4b62611b4704f022100c5100822ef420034478a3cf81abe8e80bd46e691d5995a4bdbc657ac66589d6f:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
https://patchstack.com/database/vulnerability/redirect-after-login/wordpress-redirect-after-login-plugin-0-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve
Published: 2023-06-13