CVE-2022-0599 Scanner
Detects a reflected Cross-Site Scripting (XSS) vulnerability in the Mapping Multiple URLs Redirect Same Page plugin for WordPress, affecting versions through 5.8.
Short Info
Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
The Mapping Multiple URLs Redirect Same Page plugin for WordPress is a handy tool that allows website owners to redirect multiple URLs to the same page easily. This plugin is especially useful for those who have restructured their website and have changed the URLs of their pages or posts. Instead of manually adding redirects to each page, this plugin automates the process, saving time and effort.
A vulnerability in the plugin is tracked as CVE-2022-0599. It stems from the plugin's failure to sanitize and escape the mmursp_id parameter before outputting it on an admin page. The result is Reflected Cross-Site Scripting: an attacker can inject arbitrary code into a victim's browser when the victim clicks a link containing the malicious code.
Exploitation of this vulnerability can lead to various consequences, including theft of sensitive information, unauthorized access to the user's website, and malware installation on the user's computer. In other words, an attacker can use this vulnerability to gain control over the user's website, steal information, and compromise the security of the user and of others who visit their website.
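A log-triage check for the reflected mmursp_id parameter described above, as an added example that is not part of the scanner or the plugin. It assumes a combined-format web access log and that a legitimate mmursp_id is a plain number (an assumption based on the parameter name); the sample lines and the page=PLACEHOLDER value are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (not real traffic); page=PLACEHOLDER is not the plugin's slug.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2022:10:00:01 +0000] "GET /wp-admin/admin.php?page=PLACEHOLDER&mmursp_id=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Mar/2022:10:02:13 +0000] "GET /wp-admin/admin.php?page=PLACEHOLDER&mmursp_id=%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5188',
    '198.51.100.9 - - [01/Mar/2022:10:02:40 +0000] "GET /wp-admin/admin.php?page=PLACEHOLDER&mmursp_id=%2522%253E%253Cb%253E HTTP/1.1" 200 5190',
    '203.0.113.4 - - [01/Mar/2022:10:05:00 +0000] "GET /index.php?p=3 HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_CHARS = set('<>"\'`')  # characters that can break out of an HTML context
PARAM = "mmursp_id"

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return 'ok', 'non_numeric' or 'markup' for one decoded parameter value."""
    if MARKUP_CHARS & set(value):
        return "markup"
    # Assumption: a legitimate ID consists of digits only.
    return "ok" if value.isdigit() else "non_numeric"

def triage(lines):
    """Return (client_ip, verdict, decoded_value) for each suspicious request."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key != PARAM:
                continue
            decoded = fully_decode(value)  # parse_qsl decodes only once
            verdict = classify(decoded)
            if verdict != "ok":
                findings.append((line.split()[0], verdict, decoded))
    return findings
```

A "markup" verdict on a request that returned 200 is worth correlating with the admin session that issued it, since the payload only executes in the browser of whoever followed the link.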
Overall, security should be a top priority for website owners, and vulnerabilities need to be continuously monitored and addressed promptly. For those looking to receive comprehensive and automatic vulnerability reports for their websites, the pro features of the s4e.io platform are highly recommended. With automatic scanning and notification features, website owners can stay one step ahead of potential vulnerabilities and ensure their website remains secure.