Description
WordPress Plugin Redirection is prone to an HTML injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. WordPress Plugin Redirection version 2.2.9 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.2.10 or latest
References
Related Vulnerabilities
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.17)
axios Uncontrolled Resource Consumption Vulnerability (CVE-2021-3749)
Apache HTTP Server Other Vulnerability (CVE-2007-1863)
WordPress Plugin WordPress Email Template Designer-WP HTML Mail Cross-Site Request Forgery (3.0.6)
Perl Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1487)