CVE-2021-24356

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/06/2021
Last modified:
09/12/2022

Description

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:wpdeveloper:simple_301_redirects:*:*:*:*:*:wordpress:*:* 2.0.0 (including) 2.0.4 (excluding)