CVE-2021-24355

CVE-2021-24355: Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value

Vendor Unknown
Product Simple 301 Redirects by BetterLinks
Weakness CWE-862 · Missing authorization
Published June 14, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects.

Key dates

02Disclosure timeline

June 14, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-30864 WordPress Exchange Rates plugin <= 1.2.2 - Broken Access Control vulnerability CVE-2023-26269 Apache James server: Privilege escalation through unauthenticated JMX CVE-2023-41802 WordPress Super Socializer plugin <= 7.13.54 - Broken Access Control vulnerability CVE-2023-49831 WordPress RegistrationMagic plugin <= 5.2.3.0 - Broken Access Control vulnerability CVE-2025-0763 Ultimate Classified Listings <= 1.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update