Vulnerabilities > CVE-2021-24356 - Missing Authorization vulnerability in Wpdeveloper Simple 301 Redirects

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wpdeveloper

CWE-862

NVD

Published: 2021-06-14

Updated: 2022-12-09

Summary

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites.

Vulnerable Configurations

Part	Description	Count
Application	Wpdeveloper Wpdeveloper Simple 301 Redirects *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8
https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/