CVE-2021-24354
HIGHSimple 301 Redirects by BetterLinks < 2.0.4 - Authenticated Arbitrary Plugin Installation via AJAX Action
Title source: llmDescription
A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/
Exploit, Third Party Advisory x_refsource_confirm
https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668
Scores
CVSS v3
8.8
EPSS
0.0148
EPSS Percentile
70.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (1)
wpdeveloper/simple_301_redirects
2.0.0 - 2.0.4
Published
Jun 14, 2021
Tracked Since
Feb 18, 2026