CVE-2021-24356

CVE-2021-24356: Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Activation

Vendor Unknown
Product Simple 301 Redirects by BetterLinks
Weakness CWE-862 · Missing authorization
Published June 14, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites.

Key dates

02Disclosure timeline

June 14, 2021 CVE published
August 3, 2024 Record updated