.htaccess Redirect <= 0.3.1 Reflected Cross-Site Scripting
CVE-2021-38361

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
.htaccess Redirect
Vendor
CVE Published:
14 December 2021

Summary

The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the link parameter found in the ~/htaccess-redirect.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.3.1.

Affected Version(s)

.htaccess Redirect 0.3.1

References

https://www.wordfence.com/vulnerability-advisories/#CVE-2...
x_refsource_MISC
https://plugins.trac.wordpress.org/browser/htaccess-redir...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

p7e4
.