WordPress Plugin Vulnerabilities

WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF

Description

The plugin does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack

Proof of Concept

https://example.com/wp-admin/admin.php?page=wp-seo-redirect-301/seo_redirect_list.php&delete_id=12&delete_url=https://example.com/yolo

delete_id is the post id, which is public and the delete_url is the URL that redirects to the destination. So an attacker has all the info to exploit it

Affects Plugins

Plugin icon
wp-seo-redirect-301
Fixed in 2.3.2

References

CVE
CVE-2021-24832

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Francesco Carlucci
Submitter
Francesco Carlucci
Submitter website
https://carluc.ci
Submitter twitter
francecarlucci
Verified
Yes
WPVDB ID
cf031259-b76e-475c-8a8e-fa6a0d9e7bb4

Timeline

Publicly Published
2021-10-11 (about 2 years ago)
Added
2021-10-11 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)

Other

Published
Title
Published
2024-01-31
Title
Accessibility < 1.0.7 - Cross-Site Request Forgery
Published
2014-08-01
Title
qTranslate 2.5.34 - Setting Manipulation CSRF
Published
2023-06-02
Title
Contact Form Builder by vcita <= 4.10.2 - Settings Update Via CSRF
Published
2020-09-16
Title
WP Project Manager < 2.4.1 - Cross-Site Request Forgery
Published
2024-03-26
Title
RegistrationMagic < 5.3.1.0 - Cross-Site Request Forgery