Search criteria
10 vulnerabilities found for Simple 301 Redirects by BetterLinks by Unknown
CVE-2021-24356 (GCVE-0-2021-24356)
Vulnerability from nvd – Published: 2021-06-14 13:37 – Updated: 2024-08-03 19:28
VLAI
Title
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Activation
Summary
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites.
Severity
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/blog/2021/05/severe-vul… | x_refsource_MISC |
| https://wpscan.com/vulnerability/be356530-5e00-4f… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Simple 301 Redirects by BetterLinks |
Affected:
2.0.0 , < 2.0.0*
(custom)
Affected: 2.0.4 , < 2.0.4 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple 301 Redirects by BetterLinks",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.0.0*",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.0.4",
"status": "affected",
"version": "2.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T13:37:13.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Arbitrary Plugin Activation",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24356",
"STATE": "PUBLIC",
"TITLE": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Arbitrary Plugin Activation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple 301 Redirects by BetterLinks",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "2.0.0",
"version_value": "2.0.0"
},
{
"version_affected": "\u003c",
"version_name": "2.0.4",
"version_value": "2.0.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"name": "https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24356",
"datePublished": "2021-06-14T13:37:13.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24355 (GCVE-0-2021-24355)
Vulnerability from nvd – Published: 2021-06-14 13:37 – Updated: 2024-08-03 19:28
VLAI
Title
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value
Summary
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects.
Severity
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/blog/2021/05/severe-vul… | x_refsource_MISC |
| https://wpscan.com/vulnerability/ce8f9648-30fb-4f… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Simple 301 Redirects by BetterLinks |
Affected:
2.0.0 , < 2.0.0*
(custom)
Affected: 2.0.4 , < 2.0.4 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ce8f9648-30fb-4fb9-894e-879dc0f26f98"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple 301 Redirects by BetterLinks",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.0.0*",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.0.4",
"status": "affected",
"version": "2.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T13:37:13.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/ce8f9648-30fb-4fb9-894e-879dc0f26f98"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Update and Retrieve Wildcard Value",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24355",
"STATE": "PUBLIC",
"TITLE": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Update and Retrieve Wildcard Value"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple 301 Redirects by BetterLinks",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "2.0.0",
"version_value": "2.0.0"
},
{
"version_affected": "\u003c",
"version_name": "2.0.4",
"version_value": "2.0.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"name": "https://wpscan.com/vulnerability/ce8f9648-30fb-4fb9-894e-879dc0f26f98",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/ce8f9648-30fb-4fb9-894e-879dc0f26f98"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24355",
"datePublished": "2021-06-14T13:37:13.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24354 (GCVE-0-2021-24354)
Vulnerability from nvd – Published: 2021-06-14 13:37 – Updated: 2024-08-03 19:28
VLAI
Title
Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation
Summary
A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites.
Severity
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/blog/2021/05/severe-vul… | x_refsource_MISC |
| https://wpscan.com/vulnerability/8638b36c-6641-49… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Simple 301 Redirects by BetterLinks |
Affected:
2.0.0 , < 2.0.0*
(custom)
Affected: 2.0.4 , < 2.0.4 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple 301 Redirects by BetterLinks",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.0.0*",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.0.4",
"status": "affected",
"version": "2.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T13:37:13.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24354",
"STATE": "PUBLIC",
"TITLE": "Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple 301 Redirects by BetterLinks",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "2.0.0",
"version_value": "2.0.0"
},
{
"version_affected": "\u003c",
"version_name": "2.0.4",
"version_value": "2.0.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"name": "https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24354",
"datePublished": "2021-06-14T13:37:13.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24353 (GCVE-0-2021-24353)
Vulnerability from nvd – Published: 2021-06-14 13:37 – Updated: 2024-08-03 19:28
VLAI
Title
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import
Summary
The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects.
Severity
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/blog/2021/05/severe-vul… | x_refsource_MISC |
| https://wpscan.com/vulnerability/74c23d56-e81f-47… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Simple 301 Redirects by BetterLinks |
Affected:
2.0.0 , < 2.0.0*
(custom)
Affected: 2.0.4 , < 2.0.4 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/74c23d56-e81f-47e9-bf8b-33d3f0e81894"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple 301 Redirects by BetterLinks",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.0.0*",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.0.4",
"status": "affected",
"version": "2.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T13:37:13.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/74c23d56-e81f-47e9-bf8b-33d3f0e81894"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Unauthenticated Redirect Import",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24353",
"STATE": "PUBLIC",
"TITLE": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Unauthenticated Redirect Import"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple 301 Redirects by BetterLinks",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "2.0.0",
"version_value": "2.0.0"
},
{
"version_affected": "\u003c",
"version_name": "2.0.4",
"version_value": "2.0.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"name": "https://wpscan.com/vulnerability/74c23d56-e81f-47e9-bf8b-33d3f0e81894",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/74c23d56-e81f-47e9-bf8b-33d3f0e81894"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24353",
"datePublished": "2021-06-14T13:37:13.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24352 (GCVE-0-2021-24352)
Vulnerability from nvd – Published: 2021-06-14 13:37 – Updated: 2024-08-03 19:28
VLAI
Title
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export
Summary
The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects.
Severity
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/d770f1fa-7652-46… | x_refsource_CONFIRM |
| https://www.wordfence.com/blog/2021/05/severe-vul… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Simple 301 Redirects by BetterLinks |
Affected:
2.0.0 , < 2.0.0*
(custom)
Affected: 2.0.4 , < 2.0.4 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d770f1fa-7652-465a-833c-b7178146847d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple 301 Redirects by BetterLinks",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.0.0*",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.0.4",
"status": "affected",
"version": "2.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site\u0027s redirects."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T13:37:13.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/d770f1fa-7652-465a-833c-b7178146847d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Unauthenticated Redirect Export",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24352",
"STATE": "PUBLIC",
"TITLE": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Unauthenticated Redirect Export"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple 301 Redirects by BetterLinks",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "2.0.0",
"version_value": "2.0.0"
},
{
"version_affected": "\u003c",
"version_name": "2.0.4",
"version_value": "2.0.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site\u0027s redirects."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/d770f1fa-7652-465a-833c-b7178146847d",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/d770f1fa-7652-465a-833c-b7178146847d"
},
{
"name": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24352",
"datePublished": "2021-06-14T13:37:13.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24352 (GCVE-0-2021-24352)
Vulnerability from cvelistv5 – Published: 2021-06-14 13:37 – Updated: 2024-08-03 19:28
VLAI
Title
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export
Summary
The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects.
Severity
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/d770f1fa-7652-46… | x_refsource_CONFIRM |
| https://www.wordfence.com/blog/2021/05/severe-vul… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Simple 301 Redirects by BetterLinks |
Affected:
2.0.0 , < 2.0.0*
(custom)
Affected: 2.0.4 , < 2.0.4 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d770f1fa-7652-465a-833c-b7178146847d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple 301 Redirects by BetterLinks",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.0.0*",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.0.4",
"status": "affected",
"version": "2.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site\u0027s redirects."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T13:37:13.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/d770f1fa-7652-465a-833c-b7178146847d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Unauthenticated Redirect Export",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24352",
"STATE": "PUBLIC",
"TITLE": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Unauthenticated Redirect Export"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple 301 Redirects by BetterLinks",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "2.0.0",
"version_value": "2.0.0"
},
{
"version_affected": "\u003c",
"version_name": "2.0.4",
"version_value": "2.0.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site\u0027s redirects."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/d770f1fa-7652-465a-833c-b7178146847d",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/d770f1fa-7652-465a-833c-b7178146847d"
},
{
"name": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24352",
"datePublished": "2021-06-14T13:37:13.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24353 (GCVE-0-2021-24353)
Vulnerability from cvelistv5 – Published: 2021-06-14 13:37 – Updated: 2024-08-03 19:28
VLAI
Title
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import
Summary
The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects.
Severity
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/blog/2021/05/severe-vul… | x_refsource_MISC |
| https://wpscan.com/vulnerability/74c23d56-e81f-47… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Simple 301 Redirects by BetterLinks |
Affected:
2.0.0 , < 2.0.0*
(custom)
Affected: 2.0.4 , < 2.0.4 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/74c23d56-e81f-47e9-bf8b-33d3f0e81894"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple 301 Redirects by BetterLinks",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.0.0*",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.0.4",
"status": "affected",
"version": "2.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T13:37:13.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/74c23d56-e81f-47e9-bf8b-33d3f0e81894"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Unauthenticated Redirect Import",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24353",
"STATE": "PUBLIC",
"TITLE": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Unauthenticated Redirect Import"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple 301 Redirects by BetterLinks",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "2.0.0",
"version_value": "2.0.0"
},
{
"version_affected": "\u003c",
"version_name": "2.0.4",
"version_value": "2.0.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"name": "https://wpscan.com/vulnerability/74c23d56-e81f-47e9-bf8b-33d3f0e81894",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/74c23d56-e81f-47e9-bf8b-33d3f0e81894"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24353",
"datePublished": "2021-06-14T13:37:13.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24356 (GCVE-0-2021-24356)
Vulnerability from cvelistv5 – Published: 2021-06-14 13:37 – Updated: 2024-08-03 19:28
VLAI
Title
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Activation
Summary
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites.
Severity
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/blog/2021/05/severe-vul… | x_refsource_MISC |
| https://wpscan.com/vulnerability/be356530-5e00-4f… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Simple 301 Redirects by BetterLinks |
Affected:
2.0.0 , < 2.0.0*
(custom)
Affected: 2.0.4 , < 2.0.4 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple 301 Redirects by BetterLinks",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.0.0*",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.0.4",
"status": "affected",
"version": "2.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T13:37:13.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Arbitrary Plugin Activation",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24356",
"STATE": "PUBLIC",
"TITLE": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Arbitrary Plugin Activation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple 301 Redirects by BetterLinks",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "2.0.0",
"version_value": "2.0.0"
},
{
"version_affected": "\u003c",
"version_name": "2.0.4",
"version_value": "2.0.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"name": "https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24356",
"datePublished": "2021-06-14T13:37:13.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24354 (GCVE-0-2021-24354)
Vulnerability from cvelistv5 – Published: 2021-06-14 13:37 – Updated: 2024-08-03 19:28
VLAI
Title
Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation
Summary
A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites.
Severity
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/blog/2021/05/severe-vul… | x_refsource_MISC |
| https://wpscan.com/vulnerability/8638b36c-6641-49… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Simple 301 Redirects by BetterLinks |
Affected:
2.0.0 , < 2.0.0*
(custom)
Affected: 2.0.4 , < 2.0.4 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple 301 Redirects by BetterLinks",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.0.0*",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.0.4",
"status": "affected",
"version": "2.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T13:37:13.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24354",
"STATE": "PUBLIC",
"TITLE": "Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple 301 Redirects by BetterLinks",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "2.0.0",
"version_value": "2.0.0"
},
{
"version_affected": "\u003c",
"version_name": "2.0.4",
"version_value": "2.0.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"name": "https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24354",
"datePublished": "2021-06-14T13:37:13.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24355 (GCVE-0-2021-24355)
Vulnerability from cvelistv5 – Published: 2021-06-14 13:37 – Updated: 2024-08-03 19:28
VLAI
Title
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value
Summary
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects.
Severity
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/blog/2021/05/severe-vul… | x_refsource_MISC |
| https://wpscan.com/vulnerability/ce8f9648-30fb-4f… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Simple 301 Redirects by BetterLinks |
Affected:
2.0.0 , < 2.0.0*
(custom)
Affected: 2.0.4 , < 2.0.4 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ce8f9648-30fb-4fb9-894e-879dc0f26f98"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simple 301 Redirects by BetterLinks",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.0.0*",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.0.4",
"status": "affected",
"version": "2.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T13:37:13.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/ce8f9648-30fb-4fb9-894e-879dc0f26f98"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Update and Retrieve Wildcard Value",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24355",
"STATE": "PUBLIC",
"TITLE": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Update and Retrieve Wildcard Value"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple 301 Redirects by BetterLinks",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "2.0.0",
"version_value": "2.0.0"
},
{
"version_affected": "\u003c",
"version_name": "2.0.4",
"version_value": "2.0.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"
},
{
"name": "https://wpscan.com/vulnerability/ce8f9648-30fb-4fb9-894e-879dc0f26f98",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/ce8f9648-30fb-4fb9-894e-879dc0f26f98"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24355",
"datePublished": "2021-06-14T13:37:13.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}