CVE-2021-24354
Published on: 06/14/2021 12:00:00 AM UTC
Last Modified on: 05/03/2022 01:05:00 PM UTC
Certain versions of Simple 301 Redirects from Wpdeveloper contain the following vulnerability:
A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites.
- CVE-2021-24354 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software:
Unknown - Simple 301 Redirects by BetterLinks version >= 2.0.0
- Affected Vendor/Software:
Unknown - Simple 301 Redirects by BetterLinks version < 2.0.4
CVSS3 Score: 8.8 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6.5 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Attention Required! | Cloudflare | wpscan.com text/html Inactive LinkNot Archived |
![]() |
Severe Vulnerabilities Patched in Simple 301 Redirects by BetterLinks Plugin | www.wordfence.com text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Wpdeveloper | Simple 301 Redirects | All | All | All | All |
- cpe:2.3:a:wpdeveloper:simple_301_redirects:*:*:*:*:*:wordpress:*:*:
Discovery Credit
Chloe Chamberland
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2021-24354 : A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redi… twitter.com/i/web/status/1… | 2021-06-14 13:50:00 |
![]() |
CVE-2021-24354 | 2021-06-14 14:41:58 |