WP SEO Redirect 301 < 2.3.2 – Redirect Deletion via CSRF | CVE 2021-24832 | Plugin Vulnerabilities

Description

The plugin does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack

Proof of Concept

https://example.com/wp-admin/admin.php?page=wp-seo-redirect-301/seo_redirect_list.php&delete_id=12&delete_url=https://example.com/yolo

delete_id is the post id, which is public and the delete_url is the URL that redirects to the destination. So an attacker has all the info to exploit it

Affects Plugins

wp-seo-redirect-301

Fixed in 2.3.2

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Francesco Carlucci

Submitter

Francesco Carlucci

Submitter website

https://carluc.ci

Submitter twitter

Verified

Yes

WPVDB ID

cf031259-b76e-475c-8a8e-fa6a0d9e7bb4

Timeline

Publicly Published

2021-10-11 (about 4 years ago)

Added

2021-10-11 (about 4 years ago)

Last Updated

2022-04-08 (about 3 years ago)

Other

Published

Title

Published

2024-05-07

Title

ADFO – Custom data in admin dashboard < 1.9.1 - Cross-Site Request Forgery

Published

2022-06-30

Title

Popup Builder < 4.1.12 - Settings Update via CSRF

Published

2024-04-10

Title

Page Builder: Live Composer < 1.5.36 - Cross-Site Request Forgery

Published

2020-12-15

Title

Redux Framework < 4.1.21 - CSRF Nonce Validation Bypass

Published

2024-04-05

Title

Post Views Counter < 1.4.5 - Cross-Site Request Forgery via save_bulk_post_views()