ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Redirection Plugin <= 2.2.9 - Multiple XSS

Product
Redirection
Description
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name CVE-2011-4562
Versions
Affected In <= 2.2.9
Fixed In 2.3.0
Disclosure date
2011-11-28
Credits
dotxed