CVE-2021-24766

Name of the Vulnerable Software and Affected Versions: The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin versions prior to 3.0.9

Description: The issue concerns a lack of CSRF check when cleaning logs, which could allow an attacker to make a logged-in admin delete all logs via a CSRF attack. This occurs because the plugin does not have a CSRF check in place for this specific action.

Recommendations: For versions prior to 3.0.9, update to version 3.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the log cleaning functionality to minimize the risk of exploitation.