Vulnerability Details : CVE-2021-24354
Potential exploit
A lack of capability checks and an insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 made it possible for authenticated users to install arbitrary plugins on vulnerable sites.
Products affected by CVE-2021-24354
- Wpdeveloper » Simple 301 Redirects » For Wordpress
  Versions from including (>=) 2.0.0 and before (<) 2.0.4
  cpe:2.3:a:wpdeveloper:simple_301_redirects:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-24354
- 0.90%: Probability of exploitation activity in the next 30 days
- ~ 74 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-24354
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2021-24354
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
  Assigned by:
  - contact@wpscan.com (Primary)
  - nvd@nist.gov (Secondary)
References for CVE-2021-24354
- https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668
  Exploit; Third Party Advisory
- https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/
  Severe Vulnerabilities Patched in Simple 301 Redirects by BetterLinks Plugin
  Exploit; Third Party Advisory