CVE-2021-24355 in Simple 301 Redirects Plugin
Summary
by MITRE • 06/14/2021
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 06/18/2021
The vulnerability identified as CVE-2021-24355 affects the Simple 301 Redirects by BetterLinks WordPress plugin version 2.0.3 and earlier, representing a critical security flaw that undermines the plugin's access control mechanisms. This vulnerability stems from inadequate capability validation and insufficient nonce verification within the plugin's administrative ajax endpoints, specifically targeting the simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard actions. The flaw allows authenticated users to exploit these unprotected endpoints, potentially enabling unauthorized modification of redirect configurations.
The technical implementation of this vulnerability resides in the plugin's failure to properly validate user permissions before executing administrative functions. According to CWE-863, this represents a "Incorrect Authorization" vulnerability where the system fails to properly enforce access controls. The absence of capability checks means that any authenticated user, regardless of their role or permissions level within the WordPress environment, can leverage these ajax endpoints to manipulate redirect settings. Additionally, the insufficient nonce validation creates an avenue for cross-site request forgery attacks, where malicious actors could potentially craft requests to modify wildcard redirect values without proper authorization.
The operational impact of this vulnerability extends beyond simple configuration changes, as wildcard redirect modifications can significantly affect website traffic routing and potentially enable malicious redirection attacks. Attackers could exploit this vulnerability to redirect users to malicious domains, create phishing opportunities, or disrupt normal website operations by altering critical redirect paths. The implications are particularly severe in environments where the plugin is used for managing complex redirect structures or where wildcard patterns are configured to handle large volumes of traffic. This vulnerability aligns with ATT&CK technique T1071.004, which covers application layer protocol: DNS, as redirect modifications could be used to manipulate DNS-based traffic routing.
The mitigation strategy for CVE-2021-24355 requires immediate implementation of the plugin update to version 2.0.4 or later, which addresses the authorization and nonce validation issues. Administrators should also review user roles and permissions to ensure that only trusted administrators have access to plugin administrative functions. Network monitoring should be implemented to detect unusual patterns in redirect modifications, and regular security audits of WordPress plugins should be conducted to identify similar authorization flaws. The vulnerability demonstrates the importance of implementing proper input validation and access control mechanisms, particularly in administrative interfaces where unauthorized modifications could have significant operational consequences. Organizations should also consider implementing additional security layers such as web application firewalls to monitor and block suspicious ajax requests targeting administrative endpoints.