WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF

Description

The plugin does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack

Proof of Concept

https://example.com/wp-admin/admin.php?page=wp-seo-redirect-301/seo_redirect_list.php&delete_id=12&delete_url=https://example.com/yolo

delete_id is the post id, which is public and the delete_url is the URL that redirects to the destination. So an attacker has all the info to exploit it

Affects Plugins

wp-seo-redirect-301
Fixed in version 2.3.2

References

CVE
CVE-2021-24832

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

Francesco Carlucci

Submitter

Francesco Carlucci

Submitter website
https://carluc.ci
Submitter twitter
francecarlucci
Verified

Yes

WPVDB ID
cf031259-b76e-475c-8a8e-fa6a0d9e7bb4

Timeline

Publicly Published

2021-10-11 (about 11 months ago)

Added

2021-10-11 (about 11 months ago)

Last Updated

2022-04-08 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin