CVE-2021-24354

HIGH

Simple 301 Redirects by BetterLinks < 2.0.4 - Authenticated Arbitrary Plugin Installation via AJAX Action

Title source: llm
STIX 2.1

Description

A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites.

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0148
EPSS Percentile 70.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (1)
wpdeveloper/simple_301_redirects 2.0.0 - 2.0.4
Published Jun 14, 2021
Tracked Since Feb 18, 2026