Login Sign Up

CVE-2021-24352

8.8 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability allows unauthenticated attackers to export all redirect rules from WordPress sites using the Simple 301 Redirects by BetterLinks plugin. Any WordPress site with the vulnerable plugin version installed is affected, potentially exposing sensitive URL mapping information.

💻 Affected Systems

Products:
  • Simple 301 Redirects by BetterLinks WordPress Plugin
Versions: All versions before 2.0.4
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations with the vulnerable plugin version, regardless of configuration.

📦 What is this software?

Simple 301 Redirects by Wpdeveloper

View all CVEs affecting Simple 301 Redirects →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could map internal site structure, discover hidden pages, or gather intelligence for further attacks by analyzing exported redirect rules.

🟠

Likely Case

Information disclosure of redirect configurations, potentially revealing internal URL structures or sensitive page locations.

🟢

If Mitigated

No impact if proper authentication and authorization controls are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP request to the vulnerable endpoint without authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.4

Vendor Advisory: https://wordpress.org/plugins/simple-301-redirects/

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins. 3. Find Simple 301 Redirects by BetterLinks. 4. Click 'Update Now' or manually update to version 2.0.4 or later.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily disable the vulnerable plugin until patched

wp plugin deactivate simple-301-redirects

Block Vulnerable Endpoint

linux

Block access to the export_data function via web server configuration

# Add to .htaccess for Apache: RewriteRule ^wp-content/plugins/simple-301-redirects/export_data - [F,L]
# Add to nginx config: location ~ /wp-content/plugins/simple-301-redirects/export_data { deny all; }

🧯 If You Can't Patch

  • Remove the plugin entirely if patching is not possible
  • Implement redirects at web server level instead of using plugin

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Simple 301 Redirects by BetterLinks version

Check Version:

wp plugin get simple-301-redirects --field=version

Verify Fix Applied:

Verify plugin version is 2.0.4 or later in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /wp-content/plugins/simple-301-redirects/export_data from unauthenticated users
  • Unusual export requests to plugin endpoints

Network Indicators:

  • GET requests to plugin export endpoints without authentication headers

SIEM Query:

source="web_logs" AND uri="/wp-content/plugins/simple-301-redirects/export_data" AND NOT user_agent="WordPress/*"

📊 Metadata

CVE ID: CVE-2021-24352
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H
CWE: CWE-862
Published: June 14, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-24352, you might also want to check these:

CVE-2024-6071 10.0

CVE-2024-6071 is a critical remote code execution vulnerability in PTC Creo Elements/Direct License ...

Same vulnerability type (CWE-862)
CVE-2022-0543 10.0

CVE-2022-0543 is a critical Lua sandbox escape vulnerability in Redis on Debian-based systems that a...

Same vulnerability type (CWE-862)
CVE-2024-6500 10.0

This vulnerability allows unauthenticated attackers to read and delete arbitrary files on WordPress ...

Same vulnerability type (CWE-862)