CVE-2026-24632
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-01-26
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jagdish1o1 | delay_redirects | up to and including 1.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
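The CWE-79 row above describes the root cause in the abstract: user-controlled input reaches HTML output without neutralization. The following added example (not the Delay Redirects plugin's code, and not from Patchstack or BaseFortify) models that pattern in a hypothetical countdown-and-redirect page, with the vulnerable rendering beside a hardened one. Function names, the 3-second delay and the sample payloads are assumptions made for illustration; the point it makes is that a URL can pass scheme validation and still carry HTML, so every output context (text node, attribute, JavaScript string) needs its own encoding.

```python
import html
import json
from typing import Optional
from urllib.parse import urlparse

# Constructed, hypothetical page generator: a countdown page that sends the
# visitor to a target URL after a delay. It is NOT the Delay Redirects plugin's
# code; it only models the CWE-79 pattern the advisory describes.


def render_unsafe(target: str, message: str) -> str:
    """Vulnerable form: values are concatenated into three different output
    contexts (HTML text, an href attribute, a JavaScript string literal)
    without any neutralization."""
    return (
        f"<p>{message}</p>\n"
        f'<a href="{target}">Continue</a>\n'
        f"<script>setTimeout(function () {{ window.location = '{target}'; }}, 3000);</script>"
    )


def safe_redirect_url(target: str) -> Optional[str]:
    """Allow only absolute http(s) URLs; rejects javascript:, data: and
    scheme-less input. Validation alone is NOT enough (see render_safe)."""
    target = target.strip()
    parts = urlparse(target)
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return None
    return target


def js_string_literal(value: str) -> str:
    """JSON-encode a value for use as a JS string literal and additionally
    escape the characters that could terminate the enclosing <script>
    element or open an HTML comment inside it."""
    return (json.dumps(value)
            .replace("<", "\\u003c")
            .replace(">", "\\u003e")
            .replace("&", "\\u0026"))


def render_safe(target: str, message: str) -> str:
    """Hardened form: validate the URL scheme, then escape per output context."""
    url = safe_redirect_url(target) or "/"   # fall back to the site root on rejection
    return (
        f"<p>{html.escape(message)}</p>\n"
        f'<a href="{html.escape(url, quote=True)}">Continue</a>\n'
        f"<script>setTimeout(function () {{ window.location = {js_string_literal(url)}; }}, 3000);</script>"
    )


if __name__ == "__main__":
    # Constructed payload: a syntactically valid https URL that smuggles markup in its path.
    payload = 'https://example.org/"><script>alert(1)</script>'
    print("--- unsafe ---")
    print(render_unsafe(payload, "Redirecting..."))
    print("--- safe ---")
    print(render_safe(payload, "Redirecting..."))
```

Note that `safe_redirect_url` accepts the payload (it is a well-formed `https://` URL); only the per-context escaping in `render_safe` keeps the `<script>` tag inert. In a WordPress plugin the equivalent calls are `esc_html()`, `esc_attr()`/`esc_url()` and `wp_json_encode()` with `JSON_HEX_TAG`, applied at output time.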
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24632 is a cross-site scripting (XSS, CWE-79) vulnerability in the Delay Redirects WordPress plugin by jagdish1o1, affecting versions up to and including 1.0.0. It allows an attacker to inject arbitrary script or HTML, such as redirects or advertisements, into pages the site serves; the injected content executes in the browser of visitors who load the affected page. Exploitation requires user interaction: a privileged user must perform an action such as clicking a crafted link or submitting a form. [1]
How can this vulnerability impact me? :
This vulnerability can lead to attacker-supplied script running on your website, potentially redirecting visitors to attacker-controlled sites, displaying unwanted advertisements, or executing other harmful HTML or JavaScript payloads in their browsers. This can damage your website's reputation, compromise user trust, and expose users to further attacks. Because exploitation requires interaction by a privileged user, the impact is considered moderate. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this XSS vulnerability in the Delay Redirects WordPress plugin involves checking whether pages served by the site contain injected scripts or unexpected redirects. Because exploitation requires a privileged user to submit crafted input, review the plugin's stored settings and content for script tags, event-handler attributes, javascript: URLs or meta-refresh redirects that no administrator configured, and inspect HTTP requests to the plugin's admin endpoints and the resulting page output for such payloads. The cited resource provides no specific commands; typical approaches are a web vulnerability scanner with XSS checks, or manual inspection of the plugin's pages and of the rendered front end. [1]
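Since the answer above names no concrete detection procedure, here is an added example (written for this page, not taken from the advisory or the plugin) of the "inspect page output for injected scripts or unusual redirects" step. It parses saved HTML responses and reports the indicators an injected XSS payload typically leaves: inline scripts that manipulate `location`, external scripts from hosts outside an allowlist, `on*` event-handler attributes, `javascript:` URLs, `<meta http-equiv="refresh">` redirects and iframes. The two sample pages and the trusted host `example.org` are constructed for the example. The output is a list of candidates for manual review, not a verdict: a delayed-redirect plugin legitimately emits redirect markup, so compare findings against the redirects an administrator actually configured.

```python
import re
from html.parser import HTMLParser
from typing import Iterable, List, Tuple
from urllib.parse import urlparse

# Inline script bodies that steer the browser elsewhere or decode/execute hidden code.
REDIRECT_JS = re.compile(
    r"location\s*(\.href|\.replace|\.assign)?\s*[=(]|document\.write\s*\(|eval\s*\(|atob\s*\("
)

Finding = Tuple[str, str]   # (indicator kind, evidence)


class InjectionAuditor(HTMLParser):
    """Collects XSS / redirect indicators from one HTML document."""

    def __init__(self, trusted_script_hosts: Iterable[str]):
        super().__init__()
        self.trusted = {h.lower() for h in trusted_script_hosts}
        self.findings: List[Finding] = []
        self._in_script = False
        self._script_buf: List[str] = []

    def handle_starttag(self, tag, attrs):
        attr_map = dict(attrs)
        for name, value in attrs:
            if name.startswith("on"):                       # onerror=, onload=, ...
                self.findings.append(("event-handler", f"<{tag} {name}={value!r}>"))
            if name in ("href", "src", "action") and value \
                    and value.strip().lower().startswith("javascript:"):
                self.findings.append(("javascript-url", value))
        if tag == "script":
            src = attr_map.get("src")
            if src:
                host = urlparse(src).netloc.lower()
                if host and host not in self.trusted:
                    self.findings.append(("external-script", src))
            else:
                self._in_script = True
                self._script_buf = []
        elif tag == "meta" and (attr_map.get("http-equiv") or "").lower() == "refresh":
            self.findings.append(("meta-refresh", attr_map.get("content", "")))
        elif tag == "iframe":
            self.findings.append(("iframe", attr_map.get("src", "")))

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._script_buf)
            if REDIRECT_JS.search(body):
                self.findings.append(("inline-redirect-script", body.strip()[:80]))


def audit(html_text: str, trusted_script_hosts: Iterable[str] = ("example.org",)) -> List[Finding]:
    """Return all indicators found in one saved HTTP response body."""
    parser = InjectionAuditor(trusted_script_hosts)
    parser.feed(html_text)
    parser.close()
    return parser.findings


# Constructed sample responses (not captured from any real site).
CLEAN_PAGE = """<!doctype html><html><head><title>Site</title>
<script src="https://example.org/wp-includes/js/jquery.js"></script></head>
<body><p>Hello</p><a href="https://example.org/about">About</a></body></html>"""

INJECTED_PAGE = """<!doctype html><html><head><title>Site</title>
<meta http-equiv="refresh" content="3;url=https://ads.example.net/landing">
<script src="https://cdn.example.net/track.js"></script></head>
<body><p>Hello</p>
<img src="x" onerror="alert(document.cookie)">
<a href="javascript:void(window.location='https://ads.example.net/')">Click</a>
<script>setTimeout(function(){window.location.href='https://ads.example.net/';},2000);</script>
</body></html>"""

if __name__ == "__main__":
    for label, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        print(f"[{label}]")
        for kind, evidence in audit(page):
            print(f"  {kind:24} {evidence}")
```

To run it against a live site, fetch each page with `curl -s URL` (or from a WordPress staging copy), feed the body to `audit()`, and put your own CDN and theme hosts in `trusted_script_hosts`; the same function can be run over the plugin's stored option values after `wp option get`, since stored XSS lives in the database before it reaches the page.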
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting privileged user roles (such as Editor) from interacting with untrusted links or inputs related to the Delay Redirects plugin, since exploitation requires such user interaction. Because no official fix or patched version was available as of this page's last update, consider disabling or removing the Delay Redirects plugin until a patch is released. Additionally, implement web application firewall (WAF) rules that block script injection attempts against the plugin's endpoints, and monitor the site's pages and the plugin's stored settings for unexpected scripts or redirects. [1]