CVSS: 4.3EPSS: %CPEs: 1EXPL: 0CVE-2023-47761 – Simple 301 Redirects by BetterLinks <= 2.0.7 - Missing Authorization via clicked
https://notcve.org/view.php?id=CVE-2023-47761
The Simple 301 Redirects by BetterLinks plugin for WordPress is vulnerable to unauthorized enabling of plugin usage tracking due to a missing capability check on the clicked function in all versions up to, and including, 2.0.7. This makes it possible for subscribers to enable plugin tracking. • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-24356 – Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Activation
https://notcve.org/view.php?id=CVE-2021-24356
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites. En el plugin Simple 301 Redirects by BetterLinks WordPress, versiones anteriores a 2.0.4, una falta de comprobación de capacidad y la insuficiente comprobación de nonce en la acción AJAX, simple301redirects/admin/activate_plugin, permitía a los usuarios autenticados activar plugins arbitrarios instalados en sitios vulnerables • https://github.com/RandomRobbieBF/CVE-2021-24356 https://wpscan.com/vulnerability/be356530-5e00-4f27-8177-b80f3c1ae6e8 https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24353 – Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import
https://notcve.org/view.php?id=CVE-2021-24353
The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects. La función import_data del plugin Simple 301 Redirects by BetterLinks WordPress versiones anteriores a 2.0.4, no tenía capacidad ni comprobación de nonce, lo que hacía posible que usuarios no autenticados importaran un conjunto de redireccionamiento del sitio • https://wpscan.com/vulnerability/74c23d56-e81f-47e9-bf8b-33d3f0e81894 https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24354 – Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation
https://notcve.org/view.php?id=CVE-2021-24354
A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites. Una falta de comprobación de capacidad y la insuficiente comprobación de nonce en la acción AJAX en el plugin Simple 301 Redirects by BetterLinks WordPress versiones anteriores a 2.0.4, hace posible a usuarios autenticados instalar plugins arbitrarios en sitios vulnerables • https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668 https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24352 – Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export
https://notcve.org/view.php?id=CVE-2021-24352
The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects. La función export_data del plugin Simple 301 Redirects by BetterLinks WordPress versiones anteriores a 2.0.4, no tenía capacidad ni comprobaciones de nonce que permitieran a usuarios no autenticados exportar los redireccionamientos del sitio • https://wpscan.com/vulnerability/d770f1fa-7652-465a-833c-b7178146847d https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin • CWE-862: Missing Authorization •