Search criteria
4 vulnerabilities found for SEO Redirection Plugin – 301 Redirect Manager by Unknown
CVE-2021-24847 (GCVE-0-2021-24847)
Vulnerability from cvelistv5 – Published: 2021-11-17 10:15 – Updated: 2024-08-03 19:42
VLAI?
Title
SEO Redirection < 8.2 - Subscriber+ SQL Injection
Summary
The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is also installed
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | SEO Redirection Plugin – 301 Redirect Manager |
Affected:
8.2 , < 8.2
(custom)
|
Credits
JrXnm
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/679ca6ed-2343-43f3-9c3e-2c12e12407c1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SEO Redirection Plugin \u2013 301 Redirect Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JrXnm"
}
],
"descriptions": [
{
"lang": "en",
"value": "The importFromRedirection AJAX action of the SEO Redirection Plugin \u2013 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is also installed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-17T10:15:50",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/679ca6ed-2343-43f3-9c3e-2c12e12407c1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SEO Redirection \u003c 8.2 - Subscriber+ SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24847",
"STATE": "PUBLIC",
"TITLE": "SEO Redirection \u003c 8.2 - Subscriber+ SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SEO Redirection Plugin \u2013 301 Redirect Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The importFromRedirection AJAX action of the SEO Redirection Plugin \u2013 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is also installed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/679ca6ed-2343-43f3-9c3e-2c12e12407c1",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/679ca6ed-2343-43f3-9c3e-2c12e12407c1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24847",
"datePublished": "2021-11-17T10:15:51",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:17.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24327 (GCVE-0-2021-24327)
Vulnerability from cvelistv5 – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
VLAI?
Title
SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | SEO Redirection Plugin – 301 Redirect Manager |
Affected:
6.4 , < 6.4
(custom)
|
Credits
m0ze
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:24.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SEO Redirection Plugin \u2013 301 Redirect Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.4",
"status": "affected",
"version": "6.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SEO Redirection Plugin \u2013 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-17T16:48:54",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SEO Redirection \u003c 6.4 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24327",
"STATE": "PUBLIC",
"TITLE": "SEO Redirection \u003c 6.4 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SEO Redirection Plugin \u2013 301 Redirect Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.4",
"version_value": "6.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SEO Redirection Plugin \u2013 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24327",
"datePublished": "2021-05-17T16:48:54",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:24.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24847 (GCVE-0-2021-24847)
Vulnerability from nvd – Published: 2021-11-17 10:15 – Updated: 2024-08-03 19:42
VLAI?
Title
SEO Redirection < 8.2 - Subscriber+ SQL Injection
Summary
The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is also installed
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | SEO Redirection Plugin – 301 Redirect Manager |
Affected:
8.2 , < 8.2
(custom)
|
Credits
JrXnm
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/679ca6ed-2343-43f3-9c3e-2c12e12407c1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SEO Redirection Plugin \u2013 301 Redirect Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JrXnm"
}
],
"descriptions": [
{
"lang": "en",
"value": "The importFromRedirection AJAX action of the SEO Redirection Plugin \u2013 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is also installed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-17T10:15:50",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/679ca6ed-2343-43f3-9c3e-2c12e12407c1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SEO Redirection \u003c 8.2 - Subscriber+ SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24847",
"STATE": "PUBLIC",
"TITLE": "SEO Redirection \u003c 8.2 - Subscriber+ SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SEO Redirection Plugin \u2013 301 Redirect Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The importFromRedirection AJAX action of the SEO Redirection Plugin \u2013 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is also installed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/679ca6ed-2343-43f3-9c3e-2c12e12407c1",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/679ca6ed-2343-43f3-9c3e-2c12e12407c1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24847",
"datePublished": "2021-11-17T10:15:51",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:17.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24327 (GCVE-0-2021-24327)
Vulnerability from nvd – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
VLAI?
Title
SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | SEO Redirection Plugin – 301 Redirect Manager |
Affected:
6.4 , < 6.4
(custom)
|
Credits
m0ze
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:24.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SEO Redirection Plugin \u2013 301 Redirect Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.4",
"status": "affected",
"version": "6.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SEO Redirection Plugin \u2013 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-17T16:48:54",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SEO Redirection \u003c 6.4 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24327",
"STATE": "PUBLIC",
"TITLE": "SEO Redirection \u003c 6.4 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SEO Redirection Plugin \u2013 301 Redirect Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.4",
"version_value": "6.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SEO Redirection Plugin \u2013 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfiltered_html disabled) to set XSS payloads"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/ca8068f7-dcf0-44fd-841d-d02987220d79"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24327",
"datePublished": "2021-05-17T16:48:54",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:24.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}