WordPress Plugin Vulnerabilities

404 to 301 < 3.0.8 - Broken Access Control

Description

The 404 to 301 WordPress plugin was found to be affected by a Broken Access Control vulnerability, which could allow malicious redirects or aid in phishing.

Affects Plugins

Plugin icon
404-to-301
Fixed in 3.0.8

References

CVE
CVE-2021-4338
URL
https://plugins.trac.wordpress.org/changeset/2546695/404-to-301
URL
https://blog.nintechnet.com/broken-access-control-vulnerability-fixed-in-wordpress-404-to-301-plugin/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
NinTechNet
Verified
No
WPVDB ID
9f147107-bc5a-4a01-9979-cd9e16061f12

Timeline

Publicly Published
2021-06-18 (about 4 years ago)
Added
2021-06-18 (about 4 years ago)
Last Updated
2023-06-08 (about 2 years ago)

Other

Published
Title
Published
2024-02-27
Title
WordPress Access Control <= 4.0.13 - Improper Access Control to Sensitive Information Exposure via REST API
Published
2024-02-02
Title
EventPrime < 3.4.0 - Improper Input Validation via save_event_booking
Published
2021-07-07
Title
WP Upload Restriction < 2.2.5 - Missing Access Control in getSelectedMimeTypesByRole
Published
2021-03-16
Title
wpDataTables < 3.4.2 - Improper Access Control leading to Table Permission Takeover
Published
2021-08-02
Title
WP LMS < 1.1.5 - Unauthenticated Arbitrary User Field Edition/Creation