Vulnerabilities > CVE-2021-24353 - Missing Authorization vulnerability in Wpdeveloper Simple 301 Redirects

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
HIGH
network
low complexity
wpdeveloper
CWE-862

Summary

The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects.

Vulnerable Configurations

Part Description Count
Application
Wpdeveloper
1

Common Weakness Enumeration (CWE)