CVE-2021-24356 - OpenCVE

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wpdeveloper	Simple 301 Redirects

Configuration 1 [-]

cpe:2.3:a:wpdeveloper:simple_301_redirects:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8	Exploit Third Party Advisory
https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2021-06-14T13:37:13

Updated: 2021-06-14T13:37:13

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24356

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-06-14T14:15:08.820

Modified: 2022-12-09T16:02:32.663

Link: CVE-2021-24356

JSON object: View

Redhat Information

No data.

CWE

CWE-862

{"containers": {"cna": {"affected": [{"product": "Simple 301 Redirects by BetterLinks", "vendor": "Unknown", "versions": [{"lessThan": "2.0.0*", "status": "affected", "version": "2.0.0", "versionType": "custom"}, {"lessThan": "2.0.4", "status": "affected", "version": "2.0.4", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Chloe Chamberland"}], "descriptions": [{"lang": "en", "value": "In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-14T13:37:13", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8"}], "source": {"discovery": "UNKNOWN"}, "title": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Arbitrary Plugin Activation", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24356", "STATE": "PUBLIC", "TITLE": "Simple 301 Redirects by BetterLinks - 2.0.0 \u2013 2.0.3 - Arbitrary Plugin Activation"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Simple 301 Redirects by BetterLinks", "version": {"version_data": [{"version_affected": ">=", "version_name": "2.0.0", "version_value": "2.0.0"}, {"version_affected": "<", "version_name": "2.0.4", "version_value": "2.0.4"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Chloe Chamberland"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"name": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/", "refsource": "MISC", "url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"}, {"name": "https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8", "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24356", "datePublished": "2021-06-14T13:37:13", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2021-06-14T13:37:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpdeveloper:simple_301_redirects:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8538C2B0-FF7E-4BE1-B282-594BF6C61C61", "versionEndExcluding": "2.0.4", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites."}, {"lang": "es", "value": "En el plugin Simple 301 Redirects by BetterLinks WordPress, versiones anteriores a 2.0.4, una falta de comprobaci\u00f3n de capacidad y la insuficiente comprobaci\u00f3n de nonce en la acci\u00f3n AJAX, simple301redirects/admin/activate_plugin, permit\u00eda a los usuarios autenticados activar plugins arbitrarios instalados en sitios vulnerables"}], "id": "CVE-2021-24356", "lastModified": "2022-12-09T16:02:32.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-14T14:15:08.820", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "contact@wpscan.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Secondary"}]}