CVE-2021-24354

September 20, 2021

A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites.

Summary:

A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites.

Reference Links(if available):

  • https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668
  • https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    Basta

    Black Basta Ransomware Victim: bdcm[.]com

    April 30, 2024
    ai checkout2

    Smart devices: new law helps citizens to choose secure products

    April 30, 2024
    CISA Logo

    CISA: CISA Releases Four Industrial Control Systems Advisories

    April 30, 2024
    CISA Logo

    CISA: CISA and Partners Release Advisory on Akira Ransomware

    April 30, 2024
    CISA Logo

    CISA: Oracle Releases Critical Patch Update Advisory for April 2024

    April 30, 2024