WordPress Plugin Vulnerabilities

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export

Description

The export_data function of the plugin had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects.

Proof of Concept

Affects Plugins

Plugin icon
simple-301-redirects
Fixed in 2.0.4

References

CVE
CVE-2021-24352
URL
https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
9.9 (critical)

Miscellaneous

Original Researcher
Chloe Chamberland
Submitter
Chloe Chamberland
Submitter website
https://wordfence.com
Submitter twitter
infosecchloe
Verified
Yes
WPVDB ID
d770f1fa-7652-465a-833c-b7178146847d

Timeline

Publicly Published
2021-05-26 (about 4 years ago)
Added
2021-05-26 (about 4 years ago)
Last Updated
2021-05-27 (about 4 years ago)

Other

Published
Title
Published
2024-02-06
Title
AMP for WP < 1.0.93.2 - Authenticated(Contributor+) Arbitrary Post Deletion via amppb_remove_saved_layout_data
Published
2024-12-09
Title
LearnPress – WordPress LMS Plugin < 4.2.7.4 - Course Material Sensitive Information Exposure via REST API
Published
2024-03-25
Title
WooCommerce < 8.6 - Contributor+ Private/Draft Products Access
Published
2024-02-27
Title
Under Construction / Maintenance Mode from Acurax <= 2.6 - Information Exposure
Published
2021-08-02
Title
WP LMS < 1.1.5 - Unauthenticated Arbitrary User Field Edition/Creation