Reflected Cross-Site Scripting Vulnerability in SEO Blogger to WordPress Migration Plugin
CVE-2024-13422

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Seo Blogger To WordPress Migration Using 301 Redirection
Vendor: CVE Published:; 23 January 2025

Summary

The SEO Blogger to WordPress Migration using 301 Redirection plugin is susceptible to a reflected Cross-Site Scripting (XSS) vulnerability. This issue arises from inadequate input sanitization and output escaping in the 'url' parameter across all versions up to and including 0.4.8. As a result, unauthenticated attackers may exploit this vulnerability to inject malicious scripts into web pages. If a user unwittingly clicks on a specially crafted link, these scripts could be executed in the context of their browser session, potentially compromising user data and session integrity.

Affected Version(s)

SEO Blogger to WordPress Migration using 301 Redirection * <= 0.4.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/seo-blogger-to...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 23, 2025
Vulnerability Reserved
Jan 15, 2025

Credit

Colin Xu