404 to 301 < 3.0.9 - Logs Deletion via CSRF
CVE-2021-24766
6.5MEDIUM
What is CVE-2021-24766?
The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin before 3.0.9 does not have CSRF check in place when cleaning the logs, which could allow attacker to make a logged in admin delete all of them via a CSRF attack
Affected Version(s)
404 to 301 – Redirect, Log and Notify 404 Errors 3.0.9