Authorization Bypass in 404 to 301 Redirects Plugin for WordPress
CVE-2021-4338

6.4MEDIUM

Key Information:

Vendor

Wordpress
Status
404 To 301 – Redirect, Log And Notify 404 Errors
Vendor
CVE Published:
7 June 2023

What is CVE-2021-4338?

The 404 to 301 plugin for WordPress is susceptible to authorization bypass due to inadequate capability checks in the open_redirect and save_redirect functions. Authenticated attackers can exploit this vulnerability to create, edit, and view redirections without proper permissions, potentially leading to unauthorized access and manipulation of redirection paths.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

404 to 301 – Redirect, Log and Notify 404 Errors * <= 3.0.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/changeset/2546695/404-...
https://blog.nintechnet.com/broken-access-control-vulnera...

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jerome Bruandet
JSON
.