Vulnerabilities > CVE-2021-24352 - Missing Authorization vulnerability in Wpdeveloper Simple 301 Redirects

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

HIGH

network

low complexity

wpdeveloper

CWE-862

NVD

Published: 2021-06-14

Updated: 2023-01-20

Summary

The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects.

Vulnerable Configurations

Part	Description	Count
Application	Wpdeveloper Wpdeveloper Simple 301 Redirects *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://wpscan.com/vulnerability/d770f1fa-7652-465a-833c-b7178146847d
https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/