WordPress Plugin Vulnerabilities

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import

Description

The import_data function of the plugin had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects.

Proof of Concept

Affects Plugins

Plugin icon
simple-301-redirects
Fixed in 2.0.4

References

CVE
CVE-2021-24353
URL
https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
9.9 (critical)

Miscellaneous

Original Researcher
Chloe Chamberland
Submitter
Chloe Chamberland
Submitter website
https://wordfence.com
Submitter twitter
infosecchloe
Verified
Yes
WPVDB ID
74c23d56-e81f-47e9-bf8b-33d3f0e81894

Timeline

Publicly Published
2021-05-26 (about 4 years ago)
Added
2021-05-26 (about 4 years ago)
Last Updated
2021-05-27 (about 4 years ago)

Other

Published
Title
Published
2021-06-30
Title
SEO Wizard <= 4.0.2 - Unauthorised AJAX Calls
Published
2019-07-17
Title
Coming Soon Page & Maintenance Mode < 1.8.2 - Arbitrary Settings Reset
Published
2021-10-05
Title
JobSearch WP Job Board < 1.8.2 - Subscriber+ Arbitrary Blog Options Update
Published
2020-08-04
Title
CMP - Coming Soon & Maintenance < 3.8.2 - Improper Access Controls on AJAX Calls
Published
2024-05-20
Title
Debug Log – Manger Tool < 1.5 - Unauthenticated Information Exposure via Logs