Published: 14/06/2021 Updated: 09/12/2022

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

In the Simple 301 Redirects by BetterLinks WordPress plugin prior to 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wpdeveloper simple 301 redirects

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Subscriber + Arbitrary Plugin Installation

CVE-2021-24356 Simple 301 Redirects by BetterLinks - 200 – 203 - Subscriber + Arbitrary Plugin Installation Description A lack of capability checks and insufficient nonce check on the AJAX action in the plugin, made it possible for authenticated users to install arbitrary plugins on vulnerable sites How to use $ python3 CVE-2021-24356py --url wordpresslan --

CWE-862 https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8 https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/https://nvd.nist.gov https://github.com/RandomRobbieBF/CVE-2021-24356

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-24356

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect