{"containers":{"cna":{"affected":[{"product":"Simple 301 Redirects by BetterLinks","vendor":"Unknown","versions":[{"lessThan":"2.0.0*","status":"affected","version":"2.0.0","versionType":"custom"},{"lessThan":"2.0.4","status":"affected","version":"2.0.4","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Chloe Chamberland"}],"descriptions":[{"lang":"en","value":"A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862 Missing Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2021-06-14T13:37:13.000Z","orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"},{"tags":["x_refsource_CONFIRM"],"url":"https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668"}],"source":{"discovery":"UNKNOWN"},"title":"Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation","x_generator":"WPScan CVE Generator","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"contact@wpscan.com","ID":"CVE-2021-24354","STATE":"PUBLIC","TITLE":"Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Simple 301 Redirects by BetterLinks","version":{"version_data":[{"version_affected":">=","version_name":"2.0.0","version_value":"2.0.0"},{"version_affected":"<","version_name":"2.0.4","version_value":"2.0.4"}]}}]},"vendor_name":"Unknown"}]}},"credit":[{"lang":"eng","value":"Chloe Chamberland"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites."}]},"generator":"WPScan CVE Generator","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-862 Missing Authorization"}]}]},"references":{"reference_data":[{"name":"https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/","refsource":"MISC","url":"https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"},{"name":"https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668","refsource":"CONFIRM","url":"https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668"}]},"source":{"discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T19:28:23.447Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://wpscan.com/vulnerability/8638b36c-6641-491f-b9df-5db3645e4668"}]}]},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2021-24354","datePublished":"2021-06-14T13:37:13.000Z","dateReserved":"2021-01-14T00:00:00.000Z","dateUpdated":"2024-08-03T19:28:23.447Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}