Vulnerabilities > CVE-2021-24353 - Missing Authorization vulnerability in Wpdeveloper Simple 301 Redirects

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

HIGH

network

low complexity

wpdeveloper

CWE-862

NVD

Published: 2021-06-14

Updated: 2023-01-20

Summary

The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects.

Vulnerable Configurations

Part	Description	Count
Application	Wpdeveloper Wpdeveloper Simple 301 Redirects *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://wpscan.com/vulnerability/74c23d56-e81f-47e9-bf8b-33d3f0e81894
https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/