Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-24326 | 1 Clogica | 1 All 404 Redirect To Homepage | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an attribute. | |||||
CVE-2021-24324 | 1 Clogica | 1 All 404 Redirect To Homepage | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF checks in all its settings, allowing attackers to make a logged in user change the plugin's settings. Due to the lack of sanitisation and escaping in some fields, it could also lead to Stored Cross-Site Scripting issues |