Seo Redirection
Monthly
Cross-site scripting in the SEO Redirection WordPress plugin (versions <= 9.17) allows remote unauthenticated attackers to inject malicious scripts that execute in a victim's browser after user interaction such as clicking a crafted link. The flaw has a CVSS 3.1 score of 7.1 with scope-changed impact, indicating injected scripts can affect resources beyond the vulnerable component. There is no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site scripting in the SEO Redirection WordPress plugin (versions <= 9.17) allows remote unauthenticated attackers to inject malicious scripts that execute in a victim's browser after user interaction such as clicking a crafted link. The flaw has a CVSS 3.1 score of 7.1 with scope-changed impact, indicating injected scripts can affect resources beyond the vulnerable component. There is no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.