CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15776 – Simple 301 Redirects Addon Bulk Uploader <= 1.2.4 - Missing Authorization
https://notcve.org/view.php?id=CVE-2019-15776
10 Aug 2019 — The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file. El plugin simple-301-redirects-addon-bulk-uploader versiones anteriores a 1.2.5 para WordPress, no presenta protección contra la inyección de la regla de redireccionamiento 301 por medio de un archivo CSV. • https://threatpost.com/wordpress-plugins-exploited-in-ongoing-attack-researchers-warn/147671 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15818 – Simple 301 Redirects Addon Bulk Uploader <= 1.2.4 - Missing Authentication on Option Changes
https://notcve.org/view.php?id=CVE-2019-15818
10 Aug 2019 — The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist. El plugin simple-301-redirects-addon-bulk-uploader a través de 1.2.4 para WordPress no tiene requisitos de autenticación para action = bulk301export o action = bulk301clearlist. • https://blog.nintechnet.com/unauthenticated-option-changes-in-wordpress-simple-301-redirects-addon-bulk-uploader-plugin • CWE-287: Improper Authentication CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •