CVE-2021-24354

8.8 HIGH

📋 TL;DR

This vulnerability in the Simple 301 Redirects by BetterLinks WordPress plugin allows any authenticated user, including a subscriber-level account, to install arbitrary plugins on a vulnerable site. It affects WordPress sites running plugin versions before 2.0.4. The root cause is that the plugin's AJAX handlers neither check the caller's capability (WordPress normally gates plugin installation behind the install_plugins capability) nor properly validate a nonce, so a low-privilege session can trigger privileged operations through /wp-admin/admin-ajax.php.

💻 Affected Systems

Products:
  • Simple 301 Redirects by BetterLinks WordPress Plugin
Versions: All versions before 2.0.4
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin activated. Any authenticated user account (including subscribers) can exploit this vulnerability.

📦 What is this software?

Simple 301 Redirects by BetterLinks is a WordPress plugin for managing 301 (permanent) redirects from old URLs to new ones, typically after pages are moved or renamed. It is configured from the WordPress admin panel and performs some of its admin-side operations through admin-ajax.php handlers, which is where this flaw lies.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with any authenticated account could install malicious plugins, potentially gaining full administrative control, executing arbitrary code, or establishing persistent backdoors.

🟠

Likely Case

Attackers with subscriber-level access could install plugins that steal data, redirect traffic, or create administrative accounts for themselves.

🟢

If Mitigated

If the plugin is updated or deactivated, open registration is closed and existing accounts are reviewed, the vulnerable AJAX handlers are unreachable and an attacker would need a pre-existing account; impact is then limited to that account's normal permissions on the affected WordPress instance. Network segmentation does not help on its own, because the flaw is reachable over the site's ordinary HTTP interface by any logged-in user.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained. Public proof-of-concept code exists in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.4

Vendor Advisory: https://wordpress.org/plugins/simple-301-redirects/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Simple 301 Redirects by BetterLinks'.
4. Click 'Update Now' if available, or manually update to version 2.0.4 or later.
5. Verify the plugin version after the update.

🔧 Temporary Workarounds

Disable vulnerable plugin

Platform: all

Temporarily deactivate the Simple 301 Redirects plugin until it can be updated. The redirects it manages stop working while it is deactivated.

wp plugin deactivate simple-301-redirects

Restrict user registration

Platform: all

Disable new user registration to limit the pool of accounts that can reach the vulnerable handlers (existing accounts can still exploit the flaw, so review them as well).

wp option update users_can_register 0

🧯 If You Can't Patch

  • Audit all authenticated accounts, remove unused or unknown ones and close open registration; the flaw is only reachable by a logged-in user
  • Deploy web application firewall rules that block requests to /wp-admin/admin-ajax.php carrying the plugin's AJAX action names unless they come from an administrator session (the action names are listed in the advisories for this CVE)
  • Alert on any plugin installation or activation not performed by a known administrator (see Detection & Monitoring)

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Simple 301 Redirects by BetterLinks → View version number

Check Version:

wp plugin get simple-301-redirects --field=version

Verify Fix Applied:

Confirm plugin version is 2.0.4 or higher in WordPress admin panel
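The update and verification steps above, scripted for WP-CLI as an added example (this is not the vendor's tooling or code from the original page). The version comparison is done in plain POSIX sh so it also works where sort -V is unavailable; the WordPress root is assumed to be passed as the first argument, and the plugin slug simple-301-redirects is the one used on wordpress.org.

```shell
#!/bin/sh
# Added example for this page (not vendor code): check whether the installed
# Simple 301 Redirects version is below the fixed release, and optionally update it.
# Assumes WP-CLI is installed and the WordPress root is given as $1.

PLUGIN_SLUG="simple-301-redirects"
FIXED_VERSION="2.0.4"

# version_lt A B: return 0 when dotted version A is strictly lower than B.
# Pure POSIX sh so it also works where 'sort -V' is not available.
# Non-numeric suffixes (e.g. "-beta") are ignored; missing components count as 0.
version_lt() {
  a=$1
  b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai=${a%%.*}; bi=${b%%.*}
    if [ "$ai" = "$a" ]; then a=""; else a=${a#*.}; fi
    if [ "$bi" = "$b" ]; then b=""; else b=${b#*.}; fi
    ai=$(printf '%s' "$ai" | tr -cd '0-9'); bi=$(printf '%s' "$bi" | tr -cd '0-9')
    ai=${ai:-0}; bi=${bi:-0}
    [ "$ai" -lt "$bi" ] && return 0
    [ "$ai" -gt "$bi" ] && return 1
  done
  return 1
}

# is_vulnerable VERSION: return 0 when VERSION predates the fixed release.
is_vulnerable() {
  version_lt "$1" "$FIXED_VERSION"
}

# installed_version WP_PATH: print the installed plugin version (fails if absent).
installed_version() {
  wp plugin get "$PLUGIN_SLUG" --field=version --path="$1" 2>/dev/null
}

# check_site WP_PATH: report status; return 1 if vulnerable, 2 if plugin not found.
check_site() {
  ver=$(installed_version "$1") || { echo "$PLUGIN_SLUG: not installed at $1"; return 2; }
  if is_vulnerable "$ver"; then
    echo "VULNERABLE: $PLUGIN_SLUG $ver (fixed in $FIXED_VERSION)"
    return 1
  fi
  echo "OK: $PLUGIN_SLUG $ver"
}

# remediate_site WP_PATH: update through WP-CLI, then re-check.
remediate_site() {
  wp plugin update "$PLUGIN_SLUG" --path="$1" && check_site "$1"
}

# Usage: sh check-s301.sh /var/www/html        (check only)
#        sh check-s301.sh /var/www/html --fix  (update when vulnerable)
if [ -n "$1" ]; then
  if ! check_site "$1" && [ "$2" = "--fix" ]; then
    remediate_site "$1"
  fi
fi
```

Run it once per WordPress root on a multi-site host; a non-zero exit from check_site is what you want to wire into a scheduler or configuration-management check.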

📡 Detection & Monitoring

Log Indicators:

  • Plugin installation or activation events not performed by a known administrator
  • Requests to the plugin's admin-ajax.php actions by non-admin users (web server logs do not record the WordPress user, so this needs application-level or audit-plugin logging)
  • Multiple failed authentication attempts on wp-login.php followed by a successful login from the same source

Network Indicators:

  • HTTP POST requests to /wp-admin/admin-ajax.php with action parameters related to plugin installation
  • Unusual outbound connections after plugin activation

SIEM Query:

source="wordpress.log" AND "admin-ajax.php" AND ("action=install_plugin" OR "simple-301-redirects")

The action string above is generic; also match on the plugin's actual AJAX action names from the advisory. Note that an action only appears in a web server access log when it is sent in the query string: a POST body is not logged, so body-only requests need WAF or ModSecurity audit logging, or logging inside WordPress.
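The log and network indicators above, turned into a small access-log triage script. This is an added example for this page, not tooling from the plugin vendor or the page's source. The log lines are constructed (RFC 5737 documentation addresses), and action=install_plugin is carried over from the SIEM query as a placeholder to be replaced with the plugin's real action names. It works on the query string only, since a standard access log never records a POST body.

```shell
#!/bin/sh
# Added example for this page (not vendor tooling): triage an Apache/Nginx
# combined-format access log for the indicators listed above.
# Caveat: a standard access log records the query string but never the POST
# body, so an AJAX action sent only in the body needs WAF/ModSecurity audit logs.

# Regex for admin-ajax action names worth flagging. 'install_plugin' is the
# placeholder from the SIEM query above; substitute the plugin's real action
# names from the advisory.
ACTION_PATTERN='install|activate|plugin|simple301|simple-301'

# Constructed sample lines (not captured traffic); IPs are RFC 5737 ranges.
SAMPLE_LOG=$(cat <<'EOF'
203.0.113.5 - - [12/Apr/2021:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 51 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2021:10:02:15 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "curl/7.68.0"
198.51.100.7 - - [12/Apr/2021:10:02:16 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "curl/7.68.0"
198.51.100.7 - - [12/Apr/2021:10:02:18 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "curl/7.68.0"
198.51.100.7 - - [12/Apr/2021:10:02:40 +0000] "POST /wp-admin/admin-ajax.php?action=install_plugin HTTP/1.1" 200 88 "-" "curl/7.68.0"
203.0.113.9 - - [12/Apr/2021:10:05:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 51 "-" "Mozilla/5.0"
EOF
)

# ajax_hits LOG: print "ip action" for admin-ajax.php requests whose action
# query parameter matches ACTION_PATTERN. Field 7 of a combined-format line
# is the request path.
ajax_hits() {
  printf '%s\n' "$1" | awk -v pat="$ACTION_PATTERN" '
    index($7, "/wp-admin/admin-ajax.php?") == 1 {
      n = split($7, kv, /[?&]/)
      for (i = 2; i <= n; i++)
        if (kv[i] ~ /^action=/) { act = substr(kv[i], 8); if (act ~ pat) print $1, act }
    }'
}

# login_bursts LOG [MIN]: print "ip failures successes" for IPs with at least
# MIN failed logins that were followed by a successful one. wp-login.php
# re-renders the form with HTTP 200 on failure and redirects (302) on success.
# Default MIN is 2.
login_bursts() {
  printf '%s\n' "$1" | awk -v min="${2:-2}" '
    $6 == "\"POST" && $7 == "/wp-login.php" {
      if ($9 == 200) fail[$1]++
      if ($9 == 302) ok[$1]++
    }
    END { for (ip in fail) if (fail[ip] >= min && ok[ip] > 0) print ip, fail[ip], ok[ip] }'
}

# suspicious_ips LOG: IPs that brute-forced a login and then hit a flagged
# admin-ajax action, i.e. both indicators from the same source.
suspicious_ips() {
  log=$1
  login_bursts "$log" | while read -r ip fails oks; do
    ajax_hits "$log" | awk -v ip="$ip" '$1 == ip { found = 1 } END { if (found) print ip }'
  done
}

# Usage against a real log:
#   suspicious_ips "$(cat /var/log/apache2/access.log)"
```

On the constructed sample only 198.51.100.7 is reported: two failed logins, one success, then a flagged admin-ajax action. The heartbeat traffic from the other addresses is ignored, which is the point of matching on the action name rather than on admin-ajax.php alone.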
