CVE-2021-24356

Name of the Vulnerable Software and Affected Versions Simple 301 Redirects by BetterLinks WordPress plugin versions prior to 2.0.4

Description The issue is related to a lack of capability checks and insufficient nonce check on the AJAX action "simple301redirects/admin/activate plugin". This made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites.

Recommendations For versions prior to 2.0.4, update to version 2.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the "simple301redirects/admin/activate plugin" AJAX action to prevent unauthorized plugin activation.