Vulnerabilities > CVE-2021-24356 - Unspecified vulnerability in Wpdeveloper Simple 301 Redirects

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
wpdeveloper

Summary

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites.

Vulnerable Configurations

Part Description Count
Application
Wpdeveloper
1