PT-2021-15889 · Betterlinks · Simple 301 Redirects

Chloe Chamberland

Published

2021-06-14

Updated

2023-01-20

CVE-2021-24353

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions Simple 301 Redirects by BetterLinks WordPress plugin versions prior to 2.0.4

Description The issue concerns the import data function, which lacks capability and nonce checks. This allows unauthenticated users to import site redirects.

Recommendations For versions prior to 2.0.4, update to version 2.0.4 or later to resolve the issue. As a temporary workaround, consider disabling the import data function until a patch is available.

Exploit

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2021-24353

Affected Products

Simple 301 Redirects

PT-2021-15889 · Betterlinks · Simple 301 Redirects

CVE-2021-24353

Weakness Enumeration

Related Identifiers

Affected Products

References · 6