WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF
CVE-2021-24832

4.3MEDIUM

Key Information:

Vendor: Wordpress
Status: WP Seo Redirect 301
Vendor: CVE Published:; 8 November 2021

Summary

The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack

Affected Version(s)

WP SEO Redirect 301 2.3.2

References

https://wpscan.com/vulnerability/cf031259-b76e-475c-8a8e-...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 8, 2021
Vulnerability Reserved
Jan 14, 2021

Credit

Francesco Carlucci