WordPress Plugin Vulnerabilities

404 to 301 < 3.0.9 - Logs Deletion via CSRF

Description

The plugin does not have CSRF check in place when cleaning the logs, which could allow attacker to make a logged in admin delete all of them via a CSRF attack

Proof of Concept

Affects Plugins

Plugin icon
404-to-301
Fixed in 3.0.9

References

CVE
CVE-2021-24766

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
cc13db1e-5f7f-49b2-81da-f913cfe70543

Timeline

Publicly Published
2021-10-11 (about 4 years ago)
Added
2021-10-11 (about 4 years ago)
Last Updated
2022-04-08 (about 3 years ago)

Other

Published
Title
Published
2023-10-18
Title
Novo-Map : your WP posts on custom google maps <= 1.1.2 - CSRF
Published
2024-06-01
Title
Shield Security – Smart Bot Blocking & Intrusion Prevention Security < 19.1.11 - Cross-Site Request Forgery
Published
2023-09-01
Title
Responsive Gallery Grid < 2.3.14 - Settings Update via CSRF
Published
2025-02-14
Title
what3words Address Field < 4.0.16 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-03-25
Title
Advance Search <= 1.1.6 - Shortcode Deletion via CSRF