CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24355 – Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value
https://notcve.org/view.php?id=CVE-2021-24355
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects. En el plugin Simple 301 Redirects by BetterLinks WordPress, versiones anteriores a 2.0.4, una falta de comprobación de capacidad y la comprobación insuficiente de nonce en las acciones AJAX, simple301redirects/admin/get_wildcard y simple301redirects/admin/wildcard, hacían posible que los usuarios autenticados recuperaran y actualizaran el valor del comodín para las redireccionamientos • https://wpscan.com/vulnerability/ce8f9648-30fb-4fb9-894e-879dc0f26f98 https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15818 – Simple 301 Redirects Addon Bulk Uploader <= 1.2.4 - Missing Authentication on Option Changes
https://notcve.org/view.php?id=CVE-2019-15818
The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist. El plugin simple-301-redirects-addon-bulk-uploader a través de 1.2.4 para WordPress no tiene requisitos de autenticación para action = bulk301export o action = bulk301clearlist. • https://blog.nintechnet.com/unauthenticated-option-changes-in-wordpress-simple-301-redirects-addon-bulk-uploader-plugin https://wordpress.org/plugins/simple-301-redirects-addon-bulk-uploader/#developers https://wpvulndb.com/vulnerabilities/9503 • CWE-287: Improper Authentication CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •