WordPress Plugin Vulnerabilities

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Installation

Description

A lack of capability checks and insufficient nonce check on the AJAX action in the plugin, made it possible for authenticated users to install arbitrary plugins on vulnerable sites.

Proof of Concept

Affects Plugins

Plugin icon
simple-301-redirects
Fixed in 2.0.4

References

CVE
CVE-2021-24354
URL
https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
7.4 (high)

Miscellaneous

Original Researcher
Chloe Chamberland
Submitter
Chloe Chamberland
Submitter website
https://wordfence.com
Submitter twitter
infosecchloe
Verified
Yes
WPVDB ID
8638b36c-6641-491f-b9df-5db3645e4668

Timeline

Publicly Published
2021-05-26 (about 4 years ago)
Added
2021-05-26 (about 4 years ago)
Last Updated
2021-05-27 (about 4 years ago)

Other

Published
Title
Published
2021-03-24
Title
All Thrive Themes and Plugins - Unauthenticated Option Update
Published
2020-12-14
Title
Total Upkeep by BoldGrid < 1.14.10 - Unauthenticated Backup Download
Published
2021-07-12
Title
Advanced Menu Manager < 3.0.7 - Unauthorised Menu Creation/Deletion
Published
2025-02-19
Title
Prime Addons for Elementor < 2.0.2 - Authenticated (Contributor+) Insecure Direct Object Reference via pae_global_block Shortcode
Published
2024-01-10
Title
WP Customer Area < 8.2.1 - Subscriber+ Account Address Update