CVE-2026-24632
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2026-24632, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-23

Last updated on: 2026-01-26

Assigner: Patchstack

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS.This issue affects Delay Redirects: from n/a through <= 1.0.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-23
Last Modified
2026-01-26
Generated
2026-07-06
AI Q&A
2026-01-23
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
jagdish1o1 delay_redirects to 1.0.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-24632 is a Cross Site Scripting (XSS) vulnerability in the WordPress Delay Redirects Plugin (versions up to 1.0.0). It allows attackers to inject malicious scripts, such as redirects or advertisements, into a website. These scripts execute when visitors access the compromised site. Exploitation requires user interaction by a privileged user performing actions like clicking a malicious link or submitting a form. [1]

Impact Analysis

This vulnerability can lead to malicious scripts running on your website, potentially redirecting visitors to harmful sites, displaying unwanted advertisements, or executing other harmful HTML payloads. This can damage your website's reputation, compromise user trust, and potentially expose users to further attacks. However, exploitation requires privileged user interaction, and the impact is considered moderate. [1]

Detection Guidance

Detection of this DOM-Based XSS vulnerability in the Delay Redirects WordPress plugin involves monitoring for injected scripts or unusual redirects in web page outputs. Since exploitation requires user interaction with crafted inputs, you can inspect HTTP requests and responses for suspicious payloads or script injections related to the plugin. Specific commands are not provided in the resources, but typical approaches include using web vulnerability scanners targeting XSS or manual inspection of plugin-related pages for injected scripts. [1]

Mitigation Strategies

Immediate mitigation steps include restricting privileged user roles (Editor or Developer) from interacting with untrusted links or inputs related to the Delay Redirects plugin, as exploitation requires such user interaction. Since no official fix or patched version is currently available, consider disabling or removing the Delay Redirects plugin until a patch is released. Additionally, implement web application firewall (WAF) rules to block suspicious script injections and monitor for unusual activity. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24632. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart