Lucene search
WPScanCVELIST:CVE-2021-24356HistoryJun 14, 2021 - 1:37 p.m.
CVE-2021-24356 Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Activation
2021-06-1413:37:13
CWE-862
WPScan
www.cve.org
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites.
CNA Affected
[
{
"product": "Simple 301 Redirects by BetterLinks",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.0.0*",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.0.4",
"status": "affected",
"version": "2.0.4",
"versionType": "custom"
}
]
}
]Related
wpvulndb
wpvulndb
prion
prion
Design/Logic Flaw
2021-06-14 14:15:00
cve
cve
CVE-2021-24356
2021-06-14 14:15:08
wpexploit
wpexploit
nvd
nvd
CVE-2021-24356
2021-06-14 14:15:08
githubexploit
githubexploit
Exploit for Missing Authorization in Wpdeveloper Simple 301 Redirects
2023-08-09 18:24:19
openvas
openvas