CVE-2026-24632
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-23

Last updated on: 2026-01-26

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS.This issue affects Delay Redirects: from n/a through <= 1.0.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-01-26
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24632
EUVD
EUVD-2026-4344
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jagdish1o1 delay_redirects to 1.0.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-24632 is a Cross Site Scripting (XSS) vulnerability in the WordPress Delay Redirects Plugin (versions up to 1.0.0). It allows attackers to inject malicious scripts, such as redirects or advertisements, into a website. These scripts execute when visitors access the compromised site. Exploitation requires user interaction by a privileged user performing actions like clicking a malicious link or submitting a form. [1]

Impact Analysis

This vulnerability can lead to malicious scripts running on your website, potentially redirecting visitors to harmful sites, displaying unwanted advertisements, or executing other harmful HTML payloads. This can damage your website's reputation, compromise user trust, and potentially expose users to further attacks. However, exploitation requires privileged user interaction, and the impact is considered moderate. [1]

Detection Guidance

Detection of this DOM-Based XSS vulnerability in the Delay Redirects WordPress plugin involves monitoring for injected scripts or unusual redirects in web page outputs. Since exploitation requires user interaction with crafted inputs, you can inspect HTTP requests and responses for suspicious payloads or script injections related to the plugin. Specific commands are not provided in the resources, but typical approaches include using web vulnerability scanners targeting XSS or manual inspection of plugin-related pages for injected scripts. [1]

Mitigation Strategies

Immediate mitigation steps include restricting privileged user roles (Editor or Developer) from interacting with untrusted links or inputs related to the Delay Redirects plugin, as exploitation requires such user interaction. Since no official fix or patched version is currently available, consider disabling or removing the Delay Redirects plugin until a patch is released. Additionally, implement web application firewall (WAF) rules to block suspicious script injections and monitor for unusual activity. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24632. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart