CVE-2021-24355 - Missing Authorization vulnerability in Wpdeveloper Simple 301 Redirects

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
Tags: network, low complexity, wpdeveloper, CWE-862

Summary

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects.

Vulnerable Configurations

Part         Description  Count
Application  Wpdeveloper  1

Common Weakness Enumeration (CWE)