Lucene search
+L

186 matches found

CVE
CVE
added 2021/06/14 1:37 p.m.64 views

CVE-2021-24352

The CVE-2021-24352 concerns the WordPress plugin Simple 301 Redirects by BetterLinks. Affected versions before 2.0.4 (notably 2.0.0–2.0.3) expose the export_data function which lacks capability/nonce checks, allowing unauthenticated users to export a site's redirects. This represents an unauthent...

8.8CVSS8.7AI score0.01169EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/06/14 1:37 p.m.19 views

CVE-2021-24353 Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import

The importdata function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects...

8.9AI score0.01107EPSS
Exploits2References2
Cvelist
Cvelist
added 2021/06/14 1:37 p.m.39 views

CVE-2021-24354 Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation

A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites...

8.8AI score0.0148EPSS
Exploits2References2
CVE
CVE
added 2021/06/14 1:37 p.m.61 views

CVE-2021-24355

The CVE concerns the WordPress plugin Simple 301 Redirects by BetterLinks, versions prior to 2.0.4. The root cause is missing authorization checks and insufficient nonce validation on AJAX endpoints, specifically simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard. This al...

4.3CVSS4.5AI score0.0072EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2021/06/14 12:0 a.m.10 views

WordPress 访问控制错误漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An access control error vulnerability exists in the Simple 301 Redirects by BetterLinks plugin for...

8.8CVSS7.8AI score0.01169EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2021/06/14 12:0 a.m.8 views

PT-2021-15891 · Betterlinks · Simple 301 Redirects By Betterlinks

Name of the Vulnerable Software and Affected Versions: Simple 301 Redirects by BetterLinks WordPress plugin versions prior to 2.0.4 Description: The issue is related to the lack of capability checks and insufficient nonce check on the AJAX actions, specifically "simple301redirects/admin/get...

4.3CVSS4.3AI score0.0072EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2021/06/14 12:0 a.m.8 views

PT-2021-15888 · WordPress · Simple 301 Redirects By Betterlinks

Name of the Vulnerable Software and Affected Versions: Simple 301 Redirects by BetterLinks WordPress plugin versions prior to 2.0.4 Description: The issue concerns the export data function of the Simple 301 Redirects by BetterLinks WordPress plugin, which had no capability or nonce checks. This...

8.8CVSS8.6AI score0.01169EPSS
Exploits2References6
Patchstack
Patchstack
added 2021/05/26 12:0 a.m.10 views

WordPress Simple 301 Redirects by BetterLinks plugin <= 2.0.3 (2.0.0 – 2.0.3) - Authenticated Wildcard Activation and Retrieval vulnerability

Authenticated Wildcard Activation and Retrieval vulnerability discovered by WordFence in WordPress Simple 301 Redirects by BetterLinks plugin versions = 2.0.3 only versions 2.0.0 – 2.0.3. Solution Update the WordPress Simple 301 Redirects by BetterLinks plugin to the latest available version at...

3AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/05/26 12:0 a.m.9 views

WordPress Simple 301 Redirects by BetterLinks plugin <= 2.0.3 (2.0.0 – 2.0.3) - Unauthenticated Redirect Import/Export vulnerability Allowing Total Site Redirection

Unauthenticated Redirect Import/Export vulnerability Allowing Total Site Redirection discovered by WordFence in WordPress Simple 301 Redirects by BetterLinks plugin versions = 2.0.3 only versions from 2.0.0 to 2.0.3. Solution Update the WordPress Simple 301 Redirects by BetterLinks plugin to the...

4AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/05/26 12:0 a.m.4 views

WordPress Simple 301 Redirects by BetterLinks plugin <= 2.0.3 (2.0.0 – 2.0.3) - Authenticated Arbitrary Plugin Installation/Activation vulnerability

Authenticated Arbitrary Plugin Installation/Activation vulnerability discovered by WordFence in WordPress Simple 301 Redirects by BetterLinks plugin versions = 2.0.3 only versions from 2.0.0 to 2.0.3. Solution Update the WordPress Simple 301 Redirects by BetterLinks plugin to the latest available...

3.4AI score
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.125 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import

The importdata function of the plugin had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects. curl -i -s -k -X $'POST' \ -H $'Host: URLHERE' -H $'Content-Length: 379' -H $'Cache-Control: max-age=0' -H $'Upgrade-Insecure-Requests: 1' -H...

8.8CVSS1.5AI score0.01107EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/26 12:0 a.m.116 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export

The exportdata function of the plugin had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects. curl -X POST --url "URL/wp-admin/admin-post.php?page=301options&export=true"...

8.8CVSS2.5AI score0.01169EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/05/26 12:0 a.m.17 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Installation

A lack of capability checks and insufficient nonce check on the AJAX action in the plugin, made it possible for authenticated users to install arbitrary plugins on vulnerable sites. PoC $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch;...

8.8CVSS1.5AI score0.0148EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/26 12:0 a.m.20 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export

The exportdata function of the plugin had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects. PoC curl -X POST --url "URL/wp-admin/admin-post.php?page=301options=true"...

8.8CVSS3AI score0.01169EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2021/05/17 5:15 p.m.14 views

Design/Logic Flaw

The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users even with the unfilteredhtml disabled to set XSS payloads...

3.5CVSS4.7AI score0.00617EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/05/17 4:48 p.m.22 views

CVE-2021-24327 SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS)

The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users even with the unfilteredhtml disabled to set XSS payloads...

5AI score0.00617EPSS
Exploits2References1
Hacker One
Hacker One
added 2021/05/15 5:0 p.m.40 views

U.S. Dept Of Defense: Cache Posioning leading do Denial of Service on `www.█████████`

Hey! To be clear. This was not an test for Denial of service DOS. I accidentally come a cross this vulnerability when I was testing for Server side request forgery SSRF. I have read you policy well and I was not preforming any type of activity that harmed or slowed you system in anyway. You can...

7.1AI score
Exploits0
NVD
NVD
added 2021/04/05 7:15 p.m.16 views

CVE-2021-24187

The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting XSS as user input is not properly sanitised before being output in an attribute...

5.4CVSS0.00632EPSS
Exploits2References1
Prion
Prion
added 2021/04/05 7:15 p.m.18 views

Cross site scripting

The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting XSS as user input is not properly sanitised before being output in an attribute...

3.5CVSS5.2AI score0.00632EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/04/05 6:27 p.m.51 views

CVE-2021-24187

The CVE-2021-24187 entry affects the WordPress SEO Redirection Plugin ("301 Redirect Manager") prior to v6.4. The vulnerability is a reflected Cross-Site Scripting (XSS) flaw caused by user input not being properly sanitised before output in an attribute. Impact is reflected XSS, with an attack s...

5.4CVSS5.2AI score0.00632EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder