CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24812 – BetterLinks < 1.2.6 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24812
The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV. El plugin BetterLinks de WordPress versiones anteriores a 1.2.6, no sanea ni escapa de algunos campos imported link, que podría conllevar problemas de tipo Cross-Site Scripting almacenado cuando un administrador importa un CSV malicioso • https://wpscan.com/vulnerability/6bc8fff1-ff10-4175-8a46-563f0f26f96a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24633 – Countdown Block < 1.1.2 - Missing Authorisation in AJAX action
https://notcve.org/view.php?id=CVE-2021-24633
The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users. El plugin Countdown Block de WordPress versiones anteriores a 1.1.2, no dispone de autorización en la acción AJAX eb_write_block_css, permitiendo a cualquier usuario autenticado, como Subscriber, modificar el contenido de la entrada que se muestra a usuarios • https://wpscan.com/vulnerability/431901eb-0f95-4033-b943-324e6d3844a5 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-24356 – Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Activation
https://notcve.org/view.php?id=CVE-2021-24356
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites. En el plugin Simple 301 Redirects by BetterLinks WordPress, versiones anteriores a 2.0.4, una falta de comprobación de capacidad y la insuficiente comprobación de nonce en la acción AJAX, simple301redirects/admin/activate_plugin, permitía a los usuarios autenticados activar plugins arbitrarios instalados en sitios vulnerables • https://github.com/RandomRobbieBF/CVE-2021-24356 https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8 https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24353 – Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import
https://notcve.org/view.php?id=CVE-2021-24353
The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects. La función import_data del plugin Simple 301 Redirects by BetterLinks WordPress versiones anteriores a 2.0.4, no tenía capacidad ni comprobación de nonce, lo que hacía posible que usuarios no autenticados importaran un conjunto de redireccionamiento del sitio • https://wpscan.com/vulnerability/74c23d56-e81f-47e9-bf8b-33d3f0e81894 https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24354 – Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation
https://notcve.org/view.php?id=CVE-2021-24354
A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites. Una falta de comprobación de capacidad y la insuficiente comprobación de nonce en la acción AJAX en el plugin Simple 301 Redirects by BetterLinks WordPress versiones anteriores a 2.0.4, hace posible a usuarios autenticados instalar plugins arbitrarios en sitios vulnerables • https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668 https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin • CWE-862: Missing Authorization •